From sle-updates at lists.suse.com Sat Oct 1 07:28:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 09:28:20 +0200 (CEST)
Subject: SUSE-CU-2022:2425-1: Security update of suse/sles12sp4
Message-ID: <20221001072820.2A35CF799@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2425-1
Container Tags        : suse/sles12sp4:26.510 , suse/sles12sp4:latest
Container Release     : 26.510
Severity              : important
Type                  : security
References            : 1200095 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3389-1
Released:    Mon Sep 26 12:52:13 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1200095

This update for libgcrypt fixes the following issues:

- FIPS: Auto-initialize drbg if needed. (bsc#1200095)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3466-1
Released:    Thu Sep 29 11:43:25 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done:

- base-container-licenses-3.0-1.317 updated
- container-suseconnect-2.0.0-1.203 updated
- libexpat1-2.1.0-21.25.1 updated
- libgcrypt20-1.6.1-16.83.1 updated


From sle-updates at lists.suse.com Sat Oct 1 13:20:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 15:20:32 +0200 (CEST)
Subject: SUSE-SU-2022:3485-1: important: Security update for python39
Message-ID: <20221001132032.CDCD3FD98@maintenance.suse.de>

SUSE Security Update: Security update for python39
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3485-1
Rating:           important
References:       #1202624 #1203125
Cross-References: CVE-2020-10735 CVE-2021-28861
CVSS scores:
                  CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                  CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                  CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
                  CVE-2021-28861 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
                  SUSE Linux Enterprise Desktop 15-SP3
                  SUSE Linux Enterprise High Performance Computing 15-SP3
                  SUSE Linux Enterprise Module for Basesystem 15-SP3
                  SUSE Linux Enterprise Module for Development Tools 15-SP3
                  SUSE Linux Enterprise Server 15-SP3
                  SUSE Linux Enterprise Server for SAP Applications 15-SP3
                  SUSE Linux Enterprise Storage 7.1
                  SUSE Manager Proxy 4.2
                  SUSE Manager Retail Branch Server 4.2
                  SUSE Manager Server 4.2
                  openSUSE Leap 15.3
                  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python39 fixes the following issues:

python39 was updated to version 3.9.14:

- CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not limiting amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3485=1

- openSUSE Leap 15.3:

  zypper in -t patch openSUSE-SLE-15.3-2022-3485=1

- SUSE Linux Enterprise Module for Development Tools 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3485=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3485=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  libpython3_9-1_0-3.9.14-150300.4.16.1
  libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
  python39-3.9.14-150300.4.16.1
  python39-base-3.9.14-150300.4.16.1
  python39-base-debuginfo-3.9.14-150300.4.16.1
  python39-core-debugsource-3.9.14-150300.4.16.1
  python39-curses-3.9.14-150300.4.16.1
  python39-curses-debuginfo-3.9.14-150300.4.16.1
  python39-dbm-3.9.14-150300.4.16.1
  python39-dbm-debuginfo-3.9.14-150300.4.16.1
  python39-debuginfo-3.9.14-150300.4.16.1
  python39-debugsource-3.9.14-150300.4.16.1
  python39-devel-3.9.14-150300.4.16.1
  python39-doc-3.9.14-150300.4.16.1
  python39-doc-devhelp-3.9.14-150300.4.16.1
  python39-idle-3.9.14-150300.4.16.1
  python39-testsuite-3.9.14-150300.4.16.1
  python39-testsuite-debuginfo-3.9.14-150300.4.16.1
  python39-tk-3.9.14-150300.4.16.1
  python39-tk-debuginfo-3.9.14-150300.4.16.1
  python39-tools-3.9.14-150300.4.16.1

- openSUSE Leap 15.4 (x86_64):

  libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
  libpython3_9-1_0-32bit-debuginfo-3.9.14-150300.4.16.1
  python39-32bit-3.9.14-150300.4.16.1
  python39-32bit-debuginfo-3.9.14-150300.4.16.1
  python39-base-32bit-3.9.14-150300.4.16.1
  python39-base-32bit-debuginfo-3.9.14-150300.4.16.1

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

  libpython3_9-1_0-3.9.14-150300.4.16.1
  libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
  python39-3.9.14-150300.4.16.1
  python39-base-3.9.14-150300.4.16.1
  python39-base-debuginfo-3.9.14-150300.4.16.1
  python39-core-debugsource-3.9.14-150300.4.16.1
  python39-curses-3.9.14-150300.4.16.1
  python39-curses-debuginfo-3.9.14-150300.4.16.1
  python39-dbm-3.9.14-150300.4.16.1
  python39-dbm-debuginfo-3.9.14-150300.4.16.1
  python39-debuginfo-3.9.14-150300.4.16.1
  python39-debugsource-3.9.14-150300.4.16.1
  python39-devel-3.9.14-150300.4.16.1
  python39-doc-3.9.14-150300.4.16.1
  python39-doc-devhelp-3.9.14-150300.4.16.1
  python39-idle-3.9.14-150300.4.16.1
  python39-testsuite-3.9.14-150300.4.16.1
  python39-testsuite-debuginfo-3.9.14-150300.4.16.1
  python39-tk-3.9.14-150300.4.16.1
  python39-tk-debuginfo-3.9.14-150300.4.16.1
  python39-tools-3.9.14-150300.4.16.1

- openSUSE Leap 15.3 (x86_64):

  libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
  libpython3_9-1_0-32bit-debuginfo-3.9.14-150300.4.16.1
  python39-32bit-3.9.14-150300.4.16.1
  python39-32bit-debuginfo-3.9.14-150300.4.16.1
  python39-base-32bit-3.9.14-150300.4.16.1
  python39-base-32bit-debuginfo-3.9.14-150300.4.16.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

  python39-core-debugsource-3.9.14-150300.4.16.1
  python39-tools-3.9.14-150300.4.16.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  libpython3_9-1_0-3.9.14-150300.4.16.1
  libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
  python39-3.9.14-150300.4.16.1
  python39-base-3.9.14-150300.4.16.1
  python39-base-debuginfo-3.9.14-150300.4.16.1
  python39-core-debugsource-3.9.14-150300.4.16.1
  python39-curses-3.9.14-150300.4.16.1
  python39-curses-debuginfo-3.9.14-150300.4.16.1
  python39-dbm-3.9.14-150300.4.16.1
  python39-dbm-debuginfo-3.9.14-150300.4.16.1
  python39-debuginfo-3.9.14-150300.4.16.1
  python39-debugsource-3.9.14-150300.4.16.1
  python39-devel-3.9.14-150300.4.16.1
  python39-idle-3.9.14-150300.4.16.1
  python39-tk-3.9.14-150300.4.16.1
  python39-tk-debuginfo-3.9.14-150300.4.16.1

References:

  https://www.suse.com/security/cve/CVE-2020-10735.html
  https://www.suse.com/security/cve/CVE-2021-28861.html
  https://bugzilla.suse.com/1202624
  https://bugzilla.suse.com/1203125


From sle-updates at lists.suse.com Sat Oct 1 16:18:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 18:18:52 +0200 (CEST)
Subject: SUSE-SU-2022:3487-1: moderate: Security update for ImageMagick
Message-ID: <20221001161852.7B5D6FD57@maintenance.suse.de>

SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3487-1
Rating:           moderate
References:       #1203450
Cross-References: CVE-2022-3213
CVSS scores:
                  CVE-2022-3213 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                  CVE-2022-3213 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
                  SUSE Linux Enterprise Desktop 15-SP4
                  SUSE Linux Enterprise High Performance Computing 15-SP4
                  SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                  SUSE Linux Enterprise Module for Development Tools 15-SP4
                  SUSE Linux Enterprise Server 15-SP4
                  SUSE Linux Enterprise Server for SAP Applications 15-SP4
                  SUSE Manager Proxy 4.3
                  SUSE Manager Retail Branch Server 4.3
                  SUSE Manager Server 4.3
                  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ImageMagick fixes the following issues:

- CVE-2022-3213: Fixed heap buffer overflow when processing a malformed TIFF file (bsc#1203450).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3487=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3487=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3487=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  ImageMagick-7.1.0.9-150400.6.9.1
  ImageMagick-config-7-SUSE-7.1.0.9-150400.6.9.1
  ImageMagick-config-7-upstream-7.1.0.9-150400.6.9.1
  ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
  ImageMagick-debugsource-7.1.0.9-150400.6.9.1
  ImageMagick-devel-7.1.0.9-150400.6.9.1
  ImageMagick-extra-7.1.0.9-150400.6.9.1
  ImageMagick-extra-debuginfo-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.9.1
  libMagick++-devel-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
  perl-PerlMagick-7.1.0.9-150400.6.9.1
  perl-PerlMagick-debuginfo-7.1.0.9-150400.6.9.1

- openSUSE Leap 15.4 (x86_64):

  ImageMagick-devel-32bit-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.9.1
  libMagick++-devel-32bit-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.9.1

- openSUSE Leap 15.4 (noarch):

  ImageMagick-doc-7.1.0.9-150400.6.9.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

  ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
  ImageMagick-debugsource-7.1.0.9-150400.6.9.1
  perl-PerlMagick-7.1.0.9-150400.6.9.1
  perl-PerlMagick-debuginfo-7.1.0.9-150400.6.9.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  ImageMagick-7.1.0.9-150400.6.9.1
  ImageMagick-config-7-SUSE-7.1.0.9-150400.6.9.1
  ImageMagick-config-7-upstream-7.1.0.9-150400.6.9.1
  ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
  ImageMagick-debugsource-7.1.0.9-150400.6.9.1
  ImageMagick-devel-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.9.1
  libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.9.1
  libMagick++-devel-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.9.1
  libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.9.1
  libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1

References:

  https://www.suse.com/security/cve/CVE-2022-3213.html
  https://bugzilla.suse.com/1203450


From sle-updates at lists.suse.com Sat Oct 1 16:19:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 18:19:30 +0200 (CEST)
Subject: SUSE-SU-2022:3486-1: important: Security update for cosign
Message-ID: <20221001161930.A5D85FD57@maintenance.suse.de>

SUSE Security Update: Security update for cosign
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3486-1
Rating:           important
References:       #1203430 SLE-23879
Cross-References: CVE-2022-36056
CVSS scores:
                  CVE-2022-36056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                  SUSE Linux Enterprise Desktop 15-SP4
                  SUSE Linux Enterprise High Performance Computing 15-SP4
                  SUSE Linux Enterprise Module for Basesystem 15-SP4
                  SUSE Linux Enterprise Server 15-SP4
                  SUSE Linux Enterprise Server for SAP Applications 15-SP4
                  SUSE Manager Proxy 4.3
                  SUSE Manager Retail Branch Server 4.3
                  SUSE Manager Server 4.3
                  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability, contains one feature is now available.

Description:

This update for cosign fixes the following issues:

Updated to version 1.12.0 (jsc#SLE-23879):

- CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed (bsc#1203430).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3486=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3486=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  cosign-1.12.0-150400.3.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  cosign-1.12.0-150400.3.6.1

References:

  https://www.suse.com/security/cve/CVE-2022-36056.html
  https://bugzilla.suse.com/1203430


From sle-updates at lists.suse.com Sat Oct 1 16:20:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 18:20:11 +0200 (CEST)
Subject: SUSE-SU-2022:3489-1: important: Security update for expat
Message-ID: <20221001162011.B9257FD57@maintenance.suse.de>

SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3489-1
Rating:           important
References:       #1203438
Cross-References: CVE-2022-40674
CVSS scores:
                  CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                  CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                  SUSE Linux Enterprise Desktop 15-SP4
                  SUSE Linux Enterprise High Performance Computing 15-SP4
                  SUSE Linux Enterprise Micro 5.3
                  SUSE Linux Enterprise Module for Basesystem 15-SP4
                  SUSE Linux Enterprise Server 15-SP4
                  SUSE Linux Enterprise Server for SAP Applications 15-SP4
                  SUSE Manager Proxy 4.3
                  SUSE Manager Retail Branch Server 4.3
                  SUSE Manager Server 4.3
                  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3489=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3489=1

- SUSE Linux Enterprise Micro 5.3:

  zypper in -t patch SUSE-SLE-Micro-5.3-2022-3489=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  expat-2.4.4-150400.3.9.1
  expat-debuginfo-2.4.4-150400.3.9.1
  expat-debugsource-2.4.4-150400.3.9.1
  libexpat-devel-2.4.4-150400.3.9.1
  libexpat1-2.4.4-150400.3.9.1
  libexpat1-debuginfo-2.4.4-150400.3.9.1

- openSUSE Leap 15.4 (x86_64):

  expat-32bit-debuginfo-2.4.4-150400.3.9.1
  libexpat-devel-32bit-2.4.4-150400.3.9.1
  libexpat1-32bit-2.4.4-150400.3.9.1
  libexpat1-32bit-debuginfo-2.4.4-150400.3.9.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  expat-2.4.4-150400.3.9.1
  expat-debuginfo-2.4.4-150400.3.9.1
  expat-debugsource-2.4.4-150400.3.9.1
  libexpat-devel-2.4.4-150400.3.9.1
  libexpat1-2.4.4-150400.3.9.1
  libexpat1-debuginfo-2.4.4-150400.3.9.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):

  expat-32bit-debuginfo-2.4.4-150400.3.9.1
  libexpat1-32bit-2.4.4-150400.3.9.1
  libexpat1-32bit-debuginfo-2.4.4-150400.3.9.1

- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

  expat-debuginfo-2.4.4-150400.3.9.1
  expat-debugsource-2.4.4-150400.3.9.1
  libexpat1-2.4.4-150400.3.9.1
  libexpat1-debuginfo-2.4.4-150400.3.9.1

References:

  https://www.suse.com/security/cve/CVE-2022-40674.html
  https://bugzilla.suse.com/1203438


From sle-updates at lists.suse.com Sat Oct 1 16:21:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Oct 2022 18:21:02 +0200 (CEST)
Subject: SUSE-SU-2022:3488-1: important: Security update for webkit2gtk3
Message-ID: <20221001162102.0939FFD57@maintenance.suse.de>

SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3488-1
Rating:           important
References:       #1203530
Cross-References: CVE-2022-32886 CVE-2022-32912
CVSS scores:
                  CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                  CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                  CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                  CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                  SUSE Linux Enterprise Desktop 15-SP4
                  SUSE Linux Enterprise High Performance Computing 15-SP4
                  SUSE Linux Enterprise Module for Basesystem 15-SP4
                  SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                  SUSE Linux Enterprise Module for Development Tools 15-SP4
                  SUSE Linux Enterprise Server 15-SP4
                  SUSE Linux Enterprise Server for SAP Applications 15-SP4
                  SUSE Manager Proxy 4.3
                  SUSE Manager Retail Branch Server 4.3
                  SUSE Manager Server 4.3
                  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for webkit2gtk3 fixes the following issues:

Updated to version 2.36.8 (bsc#1203530):

- CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

  zypper in -t patch openSUSE-SLE-15.4-2022-3488=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3488=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3488=1

- SUSE Linux Enterprise Module for Basesystem 15-SP4:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3488=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

  libjavascriptcoregtk-4_0-18-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_1-0-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
  libjavascriptcoregtk-5_0-0-2.36.8-150400.4.15.1
  libjavascriptcoregtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-5_0-0-2.36.8-150400.4.15.1
  libwebkit2gtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-4_0-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-4_1-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-5_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-4_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-4_1-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-5_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2WebExtension-4_1-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2WebExtension-5_0-2.36.8-150400.4.15.1
  webkit-jsc-4-2.36.8-150400.4.15.1
  webkit-jsc-4-debuginfo-2.36.8-150400.4.15.1
  webkit-jsc-4.1-2.36.8-150400.4.15.1
  webkit-jsc-4.1-debuginfo-2.36.8-150400.4.15.1
  webkit-jsc-5.0-2.36.8-150400.4.15.1
  webkit-jsc-5.0-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk-4_0-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk-4_1-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-4_1-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk-5_0-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-5_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk3-debugsource-2.36.8-150400.4.15.1
  webkit2gtk3-devel-2.36.8-150400.4.15.1
  webkit2gtk3-minibrowser-2.36.8-150400.4.15.1
  webkit2gtk3-minibrowser-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-debugsource-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-devel-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-minibrowser-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-minibrowser-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk4-debugsource-2.36.8-150400.4.15.1
  webkit2gtk4-devel-2.36.8-150400.4.15.1
  webkit2gtk4-minibrowser-2.36.8-150400.4.15.1
  webkit2gtk4-minibrowser-debuginfo-2.36.8-150400.4.15.1

- openSUSE Leap 15.4 (noarch):

  WebKit2GTK-4.0-lang-2.36.8-150400.4.15.1
  WebKit2GTK-4.1-lang-2.36.8-150400.4.15.1
  WebKit2GTK-5.0-lang-2.36.8-150400.4.15.1

- openSUSE Leap 15.4 (x86_64):

  libjavascriptcoregtk-4_0-18-32bit-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_1-0-32bit-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-32bit-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-32bit-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.8-150400.4.15.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

  libjavascriptcoregtk-5_0-0-2.36.8-150400.4.15.1
  libjavascriptcoregtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-5_0-0-2.36.8-150400.4.15.1
  libwebkit2gtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-5_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-5_0-2.36.8-150400.4.15.1
  webkit2gtk-5_0-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-5_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk4-debugsource-2.36.8-150400.4.15.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

  libjavascriptcoregtk-4_1-0-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-2.36.8-150400.4.15.1
  libwebkit2gtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-4_1-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-4_1-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2WebExtension-4_1-2.36.8-150400.4.15.1
  webkit2gtk-4_1-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-4_1-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk3-debugsource-2.36.8-150400.4.15.1
  webkit2gtk3-devel-2.36.8-150400.4.15.1

- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

  libjavascriptcoregtk-4_0-18-2.36.8-150400.4.15.1
  libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-2.36.8-150400.4.15.1
  libwebkit2gtk-4_0-37-debuginfo-2.36.8-150400.4.15.1
  typelib-1_0-JavaScriptCore-4_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2-4_0-2.36.8-150400.4.15.1
  typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150400.4.15.1
  webkit2gtk-4_0-injected-bundles-2.36.8-150400.4.15.1
  webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-debugsource-2.36.8-150400.4.15.1
  webkit2gtk3-soup2-devel-2.36.8-150400.4.15.1

References:

  https://www.suse.com/security/cve/CVE-2022-32886.html
  https://www.suse.com/security/cve/CVE-2022-32912.html
  https://bugzilla.suse.com/1203530


From sle-updates at lists.suse.com Sun Oct 2 07:33:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Oct 2022 09:33:22 +0200 (CEST)
Subject: SUSE-CU-2022:2434-1: Security update of bci/golang
Message-ID: <20221002073322.99912F799@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2434-1
Container Tags        : bci/golang:1.16 , bci/golang:1.16-30.46
Container Release     : 30.46
Severity              : important
Type                  : security
References            : 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done:

- libexpat1-2.4.4-150400.3.9.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 removed
- bash-4.4-150400.25.22 removed
- bash-sh-4.4-150400.25.22 removed
- coreutils-8.32-150400.7.5 removed
- cpio-2.13-150400.1.98 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- filesystem-15.0-11.8.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- glibc-2.31-150300.41.1 removed
- grep-3.1-150000.4.6.1 removed
- info-6.5-4.17 removed
- krb5-1.19.2-150400.1.9 removed
- libacl1-2.2.52-4.3.1 removed
- libattr1-2.4.47-2.19 removed
- libaudit1-3.0.6-150400.2.13 removed
- libblkid1-2.37.2-150400.8.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libcap-ng0-0.7.9-4.37 removed
- libcap2-2.63-150400.1.7 removed
- libcom_err2-1.46.4-150400.3.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.4.3 removed
- libcurl4-7.79.1-150400.5.6.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.2-150400.8.3.1 removed
- libgcc_s1-11.3.0+git1637-150000.1.11.2 removed
- libgcrypt20-1.9.4-150400.4.6 removed
- libgcrypt20-hmac-1.9.4-150400.4.6 removed
- libgmp10-6.1.2-4.9.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.11.2 removed
- libldap-data-2.4.46-150200.14.11.2 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.37.2-150400.8.3.1 removed
- libncurses6-6.1-150000.5.12.1 removed
- libnghttp2-14-1.40.0-6.1 removed
- libnsl2-1.2.0-2.44 removed
- libopenssl1_1-1.1.1l-150400.7.7.1 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libreadline7-7.0-150400.25.22 removed
- libsasl2-3-2.1.27-150300.4.6.1 removed
- libselinux1-3.1-150400.1.69 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.2-150400.8.3.1 removed
- libssh-config-0.9.6-150400.1.5 removed
- libssh4-0.9.6-150400.1.5 removed
- libstdc++6-11.3.0+git1637-150000.1.11.2 removed
- libsystemd0-249.12-150400.8.10.1 removed
- libtirpc-netconfig-1.2.6-150300.3.14.1 removed
- libtirpc3-1.2.6-150300.3.14.1 removed
- libudev1-249.12-150400.8.10.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.2-150400.8.3.1 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.9.14-150400.5.7.1 removed
- libz1-1.2.11-150000.3.33.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.5.0-150400.1.71 removed
- login_defs-4.8.1-150400.8.57 removed
- ncurses-utils-6.1-150000.5.12.1 removed
- pam-1.3.0-150000.6.58.3 removed
- patterns-base-fips-20200124-150400.18.4 removed
- perl-base-5.26.1-150300.17.11.1 removed
- permissions-20201225-150400.5.11.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150300.49.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.8.57 removed
- sles-release-15.4-150400.55.1 removed
- system-group-hardware-20170617-150400.22.33 removed
- system-user-root-20190513-3.3.1 removed
- sysuser-shadow-3.1-150400.1.35 removed
- terminfo-base-6.1-150000.5.12.1 removed
- timezone-2022a-150000.75.10.1 removed
- util-linux-2.37.2-150400.8.3.1 removed


From sle-updates at lists.suse.com Sun Oct 2 07:35:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Oct 2022 09:35:46 +0200 (CEST)
Subject: SUSE-CU-2022:2435-1: Security update of bci/golang
Message-ID: <20221002073546.AB2A9F799@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2435-1
Container Tags        : bci/golang:1.17 , bci/golang:1.17-29.46
Container Release     : 29.46
Severity              : important
Type                  : security
References            : 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done:

- libexpat1-2.4.4-150400.3.9.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 removed
- bash-4.4-150400.25.22 removed
- bash-sh-4.4-150400.25.22 removed
- coreutils-8.32-150400.7.5 removed
- cpio-2.13-150400.1.98 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- filesystem-15.0-11.8.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- glibc-2.31-150300.41.1 removed
- grep-3.1-150000.4.6.1 removed
- info-6.5-4.17 removed
- krb5-1.19.2-150400.1.9 removed
- libacl1-2.2.52-4.3.1 removed
- libattr1-2.4.47-2.19 removed
- libaudit1-3.0.6-150400.2.13 removed
- libblkid1-2.37.2-150400.8.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libcap-ng0-0.7.9-4.37 removed
- libcap2-2.63-150400.1.7 removed
- libcom_err2-1.46.4-150400.3.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.4.3 removed
- libcurl4-7.79.1-150400.5.6.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.2-150400.8.3.1 removed
- libgcc_s1-11.3.0+git1637-150000.1.11.2 removed
- libgcrypt20-1.9.4-150400.4.6 removed
- libgcrypt20-hmac-1.9.4-150400.4.6 removed
- libgmp10-6.1.2-4.9.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.11.2 removed
- libldap-data-2.4.46-150200.14.11.2 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.37.2-150400.8.3.1 removed
- libncurses6-6.1-150000.5.12.1 removed
- libnghttp2-14-1.40.0-6.1 removed
- libnsl2-1.2.0-2.44 removed
- libopenssl1_1-1.1.1l-150400.7.7.1 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libreadline7-7.0-150400.25.22 removed
- libsasl2-3-2.1.27-150300.4.6.1 removed
- libselinux1-3.1-150400.1.69 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.2-150400.8.3.1 removed
- libssh-config-0.9.6-150400.1.5 removed
- libssh4-0.9.6-150400.1.5 removed
- libstdc++6-11.3.0+git1637-150000.1.11.2 removed
- libsystemd0-249.12-150400.8.10.1 removed
- libtirpc-netconfig-1.2.6-150300.3.14.1 removed
- libtirpc3-1.2.6-150300.3.14.1 removed
- libudev1-249.12-150400.8.10.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.2-150400.8.3.1 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.9.14-150400.5.7.1 removed
- libz1-1.2.11-150000.3.33.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.5.0-150400.1.71 removed
- login_defs-4.8.1-150400.8.57 removed
- ncurses-utils-6.1-150000.5.12.1 removed
- pam-1.3.0-150000.6.58.3 removed
- patterns-base-fips-20200124-150400.18.4 removed
- perl-base-5.26.1-150300.17.11.1 removed
- permissions-20201225-150400.5.11.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150300.49.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.8.57 removed
- sles-release-15.4-150400.55.1 removed
- system-group-hardware-20170617-150400.22.33 removed
- system-user-root-20190513-3.3.1 removed
- sysuser-shadow-3.1-150400.1.35 removed
- terminfo-base-6.1-150000.5.12.1 removed
- timezone-2022a-150000.75.10.1 removed
- util-linux-2.37.2-150400.8.3.1 removed


From sle-updates at lists.suse.com Sun Oct 2 07:37:36 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Oct 2022 09:37:36 +0200 (CEST)
Subject: SUSE-CU-2022:2436-1: Security update of bci/golang
Message-ID: <20221002073736.ABBFFF799@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2436-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-16.43 Container Release : 16.43 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed 
- libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - 
rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Sun Oct 2 07:38:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Oct 2022 09:38:58 +0200 (CEST) Subject: SUSE-CU-2022:2437-1: Security update of bci/bci-init Message-ID: <20221002073858.936A4F799@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2437-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.22.30 , bci/bci-init:latest Container Release : 22.30 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - 
libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libp11-kit0-0.23.22-150400.1.10 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Sun Oct 2 07:40:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Oct 2022 09:40:07 +0200 (CEST) Subject: SUSE-CU-2022:2438-1: Security update of bci/nodejs Message-ID: 
<20221002074007.957C9F799@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2438-1 Container Tags : bci/node:16 , bci/node:16-9.44 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.44 , bci/nodejs:latest Container Release : 9.44 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - 
libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - 
netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Sun Oct 2 07:45:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Oct 2022 09:45:54 +0200 (CEST) Subject: SUSE-CU-2022:2441-1: Security update of bci/python Message-ID: <20221002074554.1AE2FF799@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2441-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.40 Container Release : 28.40 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - ca-certificates-2+git20210309.21162a6-2.1 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - crypto-policies-20210917.c9d86d1-150400.1.7 removed - curl-7.79.1-150400.5.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - 
libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libp11-kit0-0.23.22-150400.1.10 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libsqlite3-0-3.39.3-150000.3.17.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtasn1-4.13-4.5.1 removed - libtasn1-6-4.13-4.5.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - openssl-1_1-1.1.1l-150400.7.7.1 removed - p11-kit-0.23.22-150400.1.10 removed - p11-kit-tools-0.23.22-150400.1.10 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - 
timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Mon Oct 3 10:18:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Oct 2022 12:18:52 +0200 (CEST) Subject: SUSE-SU-2022:3490-1: important: Security update for slurm Message-ID: <20221003101852.2DE5FFD57@maintenance.suse.de> SUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3490-1 Rating: important References: #1199278 #1199279 #1201674 Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 CVSS scores: CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for slurm fixes the following issues: - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674). - CVE-2022-29500: Fixed an architectural flaw that can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278). - CVE-2022-29501: Fixed a vulnerability where an unprivileged user can send data to an arbitrary unix socket as root (bsc#1199279). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3490=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3490=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3490=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3490=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libslurm35-20.02.7-150200.3.14.2 libslurm35-debuginfo-20.02.7-150200.3.14.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libslurm35-20.02.7-150200.3.14.2 libslurm35-debuginfo-20.02.7-150200.3.14.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libnss_slurm2-20.02.7-150200.3.14.2 libnss_slurm2-debuginfo-20.02.7-150200.3.14.2 libpmi0-20.02.7-150200.3.14.2 libpmi0-debuginfo-20.02.7-150200.3.14.2 libslurm35-20.02.7-150200.3.14.2 libslurm35-debuginfo-20.02.7-150200.3.14.2 perl-slurm-20.02.7-150200.3.14.2 perl-slurm-debuginfo-20.02.7-150200.3.14.2 slurm-20.02.7-150200.3.14.2 slurm-auth-none-20.02.7-150200.3.14.2 slurm-auth-none-debuginfo-20.02.7-150200.3.14.2 slurm-config-20.02.7-150200.3.14.2 slurm-config-man-20.02.7-150200.3.14.2 slurm-debuginfo-20.02.7-150200.3.14.2 slurm-debugsource-20.02.7-150200.3.14.2 slurm-devel-20.02.7-150200.3.14.2 slurm-doc-20.02.7-150200.3.14.2 slurm-lua-20.02.7-150200.3.14.2 slurm-lua-debuginfo-20.02.7-150200.3.14.2 slurm-munge-20.02.7-150200.3.14.2 slurm-munge-debuginfo-20.02.7-150200.3.14.2 slurm-node-20.02.7-150200.3.14.2 slurm-node-debuginfo-20.02.7-150200.3.14.2 slurm-pam_slurm-20.02.7-150200.3.14.2 slurm-pam_slurm-debuginfo-20.02.7-150200.3.14.2 slurm-plugins-20.02.7-150200.3.14.2 slurm-plugins-debuginfo-20.02.7-150200.3.14.2 slurm-slurmdbd-20.02.7-150200.3.14.2 slurm-slurmdbd-debuginfo-20.02.7-150200.3.14.2 slurm-sql-20.02.7-150200.3.14.2 
slurm-sql-debuginfo-20.02.7-150200.3.14.2 slurm-sview-20.02.7-150200.3.14.2 slurm-sview-debuginfo-20.02.7-150200.3.14.2 slurm-torque-20.02.7-150200.3.14.2 slurm-torque-debuginfo-20.02.7-150200.3.14.2 slurm-webdoc-20.02.7-150200.3.14.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libnss_slurm2-20.02.7-150200.3.14.2 libnss_slurm2-debuginfo-20.02.7-150200.3.14.2 libpmi0-20.02.7-150200.3.14.2 libpmi0-debuginfo-20.02.7-150200.3.14.2 libslurm35-20.02.7-150200.3.14.2 libslurm35-debuginfo-20.02.7-150200.3.14.2 perl-slurm-20.02.7-150200.3.14.2 perl-slurm-debuginfo-20.02.7-150200.3.14.2 slurm-20.02.7-150200.3.14.2 slurm-auth-none-20.02.7-150200.3.14.2 slurm-auth-none-debuginfo-20.02.7-150200.3.14.2 slurm-config-20.02.7-150200.3.14.2 slurm-config-man-20.02.7-150200.3.14.2 slurm-debuginfo-20.02.7-150200.3.14.2 slurm-debugsource-20.02.7-150200.3.14.2 slurm-devel-20.02.7-150200.3.14.2 slurm-doc-20.02.7-150200.3.14.2 slurm-lua-20.02.7-150200.3.14.2 slurm-lua-debuginfo-20.02.7-150200.3.14.2 slurm-munge-20.02.7-150200.3.14.2 slurm-munge-debuginfo-20.02.7-150200.3.14.2 slurm-node-20.02.7-150200.3.14.2 slurm-node-debuginfo-20.02.7-150200.3.14.2 slurm-pam_slurm-20.02.7-150200.3.14.2 slurm-pam_slurm-debuginfo-20.02.7-150200.3.14.2 slurm-plugins-20.02.7-150200.3.14.2 slurm-plugins-debuginfo-20.02.7-150200.3.14.2 slurm-slurmdbd-20.02.7-150200.3.14.2 slurm-slurmdbd-debuginfo-20.02.7-150200.3.14.2 slurm-sql-20.02.7-150200.3.14.2 slurm-sql-debuginfo-20.02.7-150200.3.14.2 slurm-sview-20.02.7-150200.3.14.2 slurm-sview-debuginfo-20.02.7-150200.3.14.2 slurm-torque-20.02.7-150200.3.14.2 slurm-torque-debuginfo-20.02.7-150200.3.14.2 slurm-webdoc-20.02.7-150200.3.14.2 References: https://www.suse.com/security/cve/CVE-2022-29500.html https://www.suse.com/security/cve/CVE-2022-29501.html https://www.suse.com/security/cve/CVE-2022-31251.html https://bugzilla.suse.com/1199278 https://bugzilla.suse.com/1199279 https://bugzilla.suse.com/1201674 From sle-updates at 
lists.suse.com Mon Oct 3 16:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Oct 2022 18:19:42 +0200 (CEST) Subject: SUSE-SU-2022:3492-1: important: Security update for webkit2gtk3 Message-ID: <20221003161942.72844FD57@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3492-1 Rating: important References: #1203530 Cross-References: CVE-2022-32886 CVE-2022-32912 CVSS scores: CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3492=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3492=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3492=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3492=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3492=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3492=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3492=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3492=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - 
SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 webkit2gtk3-devel-2.36.8-2.113.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE Linux Enterprise Server 
12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.8-2.113.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-2.113.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-2.113.1 libwebkit2gtk-4_0-37-2.36.8-2.113.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-2.113.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2-4_0-2.36.8-2.113.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-2.36.8-2.113.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-2.113.1 webkit2gtk3-debugsource-2.36.8-2.113.1 webkit2gtk3-devel-2.36.8-2.113.1 References: https://www.suse.com/security/cve/CVE-2022-32886.html https://www.suse.com/security/cve/CVE-2022-32912.html https://bugzilla.suse.com/1203530 From sle-updates at lists.suse.com Mon Oct 3 16:21:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Oct 2022 18:21:49 +0200 (CEST) Subject: SUSE-SU-2022:3491-1: important: Security update for slurm_20_02 Message-ID: <20221003162149.99A81FD57@maintenance.suse.de> SUSE Security Update: Security update for slurm_20_02 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3491-1 Rating: important References: #1186646 #1199278 #1199279 #1201674 Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251 CVSS scores: CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29500 
(SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves three vulnerabilities and has one erratum is now available.

Description:

This update for slurm_20_02 fixes the following issues:

- CVE-2022-31251: Fixed security vulnerability in the test package (bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279).

Bugfixes:

- Fixed qstat error message (torque wrapper) (bsc#1186646).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3491=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3491=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3491=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3491=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnss_slurm2_20_02-20.02.7-150100.3.24.1 libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1 libpmi0_20_02-20.02.7-150100.3.24.1 libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1 perl-slurm_20_02-20.02.7-150100.3.24.1 perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-20.02.7-150100.3.24.1 slurm_20_02-auth-none-20.02.7-150100.3.24.1 slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-config-20.02.7-150100.3.24.1 slurm_20_02-config-man-20.02.7-150100.3.24.1 slurm_20_02-cray-20.02.7-150100.3.24.1 slurm_20_02-cray-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debugsource-20.02.7-150100.3.24.1 slurm_20_02-devel-20.02.7-150100.3.24.1 slurm_20_02-doc-20.02.7-150100.3.24.1 slurm_20_02-hdf5-20.02.7-150100.3.24.1 slurm_20_02-hdf5-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-lua-20.02.7-150100.3.24.1 slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-munge-20.02.7-150100.3.24.1 slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-node-20.02.7-150100.3.24.1 slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-openlava-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-plugins-20.02.7-150100.3.24.1 slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-rest-20.02.7-150100.3.24.1 slurm_20_02-rest-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-seff-20.02.7-150100.3.24.1 
slurm_20_02-sjstat-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sql-20.02.7-150100.3.24.1 slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sview-20.02.7-150100.3.24.1 slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-torque-20.02.7-150100.3.24.1 slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-webdoc-20.02.7-150100.3.24.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libnss_slurm2_20_02-20.02.7-150100.3.24.1 libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1 libpmi0_20_02-20.02.7-150100.3.24.1 libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1 perl-slurm_20_02-20.02.7-150100.3.24.1 perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-20.02.7-150100.3.24.1 slurm_20_02-auth-none-20.02.7-150100.3.24.1 slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-config-20.02.7-150100.3.24.1 slurm_20_02-config-man-20.02.7-150100.3.24.1 slurm_20_02-cray-20.02.7-150100.3.24.1 slurm_20_02-cray-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debugsource-20.02.7-150100.3.24.1 slurm_20_02-devel-20.02.7-150100.3.24.1 slurm_20_02-doc-20.02.7-150100.3.24.1 slurm_20_02-hdf5-20.02.7-150100.3.24.1 slurm_20_02-hdf5-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-lua-20.02.7-150100.3.24.1 slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-munge-20.02.7-150100.3.24.1 slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-node-20.02.7-150100.3.24.1 slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-openlava-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-plugins-20.02.7-150100.3.24.1 slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-rest-20.02.7-150100.3.24.1 slurm_20_02-rest-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-seff-20.02.7-150100.3.24.1 slurm_20_02-sjstat-20.02.7-150100.3.24.1 
slurm_20_02-slurmdbd-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sql-20.02.7-150100.3.24.1 slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sview-20.02.7-150100.3.24.1 slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-torque-20.02.7-150100.3.24.1 slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-webdoc-20.02.7-150100.3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libnss_slurm2_20_02-20.02.7-150100.3.24.1 libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1 libpmi0_20_02-20.02.7-150100.3.24.1 libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1 libslurm35-20.02.7-150100.3.24.1 libslurm35-debuginfo-20.02.7-150100.3.24.1 perl-slurm_20_02-20.02.7-150100.3.24.1 perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-20.02.7-150100.3.24.1 slurm_20_02-auth-none-20.02.7-150100.3.24.1 slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-config-20.02.7-150100.3.24.1 slurm_20_02-config-man-20.02.7-150100.3.24.1 slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debugsource-20.02.7-150100.3.24.1 slurm_20_02-devel-20.02.7-150100.3.24.1 slurm_20_02-doc-20.02.7-150100.3.24.1 slurm_20_02-lua-20.02.7-150100.3.24.1 slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-munge-20.02.7-150100.3.24.1 slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-node-20.02.7-150100.3.24.1 slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-plugins-20.02.7-150100.3.24.1 slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sql-20.02.7-150100.3.24.1 slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sview-20.02.7-150100.3.24.1 slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-torque-20.02.7-150100.3.24.1 
slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-webdoc-20.02.7-150100.3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libnss_slurm2_20_02-20.02.7-150100.3.24.1 libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1 libpmi0_20_02-20.02.7-150100.3.24.1 libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1 libslurm35-20.02.7-150100.3.24.1 libslurm35-debuginfo-20.02.7-150100.3.24.1 perl-slurm_20_02-20.02.7-150100.3.24.1 perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-20.02.7-150100.3.24.1 slurm_20_02-auth-none-20.02.7-150100.3.24.1 slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-config-20.02.7-150100.3.24.1 slurm_20_02-config-man-20.02.7-150100.3.24.1 slurm_20_02-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-debugsource-20.02.7-150100.3.24.1 slurm_20_02-devel-20.02.7-150100.3.24.1 slurm_20_02-doc-20.02.7-150100.3.24.1 slurm_20_02-lua-20.02.7-150100.3.24.1 slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-munge-20.02.7-150100.3.24.1 slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-node-20.02.7-150100.3.24.1 slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-20.02.7-150100.3.24.1 slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-plugins-20.02.7-150100.3.24.1 slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-20.02.7-150100.3.24.1 slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sql-20.02.7-150100.3.24.1 slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-sview-20.02.7-150100.3.24.1 slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-torque-20.02.7-150100.3.24.1 slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1 slurm_20_02-webdoc-20.02.7-150100.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-29500.html https://www.suse.com/security/cve/CVE-2022-29501.html https://www.suse.com/security/cve/CVE-2022-31251.html https://bugzilla.suse.com/1186646 
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674

From sle-updates at lists.suse.com Tue Oct 4 07:23:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 09:23:37 +0200 (CEST)
Subject: SUSE-CU-2022:2445-1: Security update of bci/openjdk
Message-ID: <20221004072337.D8B22F799@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2445-1
Container Tags        : bci/openjdk:11 , bci/openjdk:11-30.42 , bci/openjdk:latest
Container Release     : 30.42
Severity              : important
Type                  : security
References            : 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - ca-certificates-2+git20210309.21162a6-2.1 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - crypto-policies-20210917.c9d86d1-150400.1.7 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libglib-2_0-0-2.70.4-150400.1.5 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - 
libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libp11-kit0-0.23.22-150400.1.10 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libsqlite3-0-3.39.3-150000.3.17.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtasn1-4.13-4.5.1 removed - libtasn1-6-4.13-4.5.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - openssl-1_1-1.1.1l-150400.7.7.1 removed - p11-kit-0.23.22-150400.1.10 removed - p11-kit-tools-0.23.22-150400.1.10 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - 
util-linux-2.37.2-150400.8.3.1 removed

From sle-updates at lists.suse.com Tue Oct 4 07:25:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 09:25:43 +0200 (CEST)
Subject: SUSE-CU-2022:2446-1: Security update of bci/ruby
Message-ID: <20221004072543.47275F799@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2446-1
Container Tags        : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.41 , bci/ruby:latest
Container Release     : 29.41
Severity              : important
Type                  : security
References            : 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - curl-7.79.1-150400.5.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - 
libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libsqlite3-0-3.39.3-150000.3.17.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Tue Oct 4 13:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:23:20 +0200 (CEST) Subject: SUSE-SU-2022:3493-1: important: Security update for libcroco Message-ID: 
<20221004132320.494E1FD57@maintenance.suse.de>

SUSE Security Update: Security update for libcroco
______________________________________________________________________________

Announcement ID:  SUSE-SU-2022:3493-1
Rating:           important
References:       #1171685
Cross-References: CVE-2020-12825
CVSS scores:
    CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    CVE-2020-12825 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libcroco fixes the following issues:

- CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3493=1

- SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3493=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3493=1

- SUSE Linux Enterprise Server 15-SP1-BCL:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3493=1

- SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3493=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3493=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3493=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3493=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3493=1

- SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2022-3493=1

- SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High 
Performance Computing 15-SP1-LTSS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 
libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 - SUSE Enterprise Storage 6 (x86_64): libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 - SUSE CaaS Platform 4.0 (x86_64): libcroco-0.6.12-150000.4.6.2 libcroco-0_6-3-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-0.6.12-150000.4.6.2 libcroco-0_6-3-32bit-debuginfo-0.6.12-150000.4.6.2 libcroco-0_6-3-debuginfo-0.6.12-150000.4.6.2 libcroco-debuginfo-0.6.12-150000.4.6.2 libcroco-debugsource-0.6.12-150000.4.6.2 libcroco-devel-0.6.12-150000.4.6.2 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 From sle-updates at lists.suse.com Tue Oct 4 13:24:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:24:20 +0200 (CEST) Subject: SUSE-SU-2022:3512-1: moderate: Security update for python Message-ID: <20221004132420.3C051FD57@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3512-1 Rating: moderate References: #1202624 Cross-References: CVE-2021-28861 CVSS scores: CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update 
that fixes one vulnerability is now available.

Description:

This update for python fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3512=1

- openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3512=1

- SUSE Linux Enterprise Module for Python2 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3512=1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3512=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3512=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    libpython2_7-1_0-2.7.18-150000.44.1
    libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
    python-2.7.18-150000.44.1
    python-base-2.7.18-150000.44.1
    python-base-debuginfo-2.7.18-150000.44.1
    python-base-debugsource-2.7.18-150000.44.1
    python-curses-2.7.18-150000.44.1
    python-curses-debuginfo-2.7.18-150000.44.1
    python-debuginfo-2.7.18-150000.44.1
    python-debugsource-2.7.18-150000.44.1
    python-demo-2.7.18-150000.44.1
    python-devel-2.7.18-150000.44.1
    python-gdbm-2.7.18-150000.44.1
    python-gdbm-debuginfo-2.7.18-150000.44.1
    python-idle-2.7.18-150000.44.1
    python-tk-2.7.18-150000.44.1
    python-tk-debuginfo-2.7.18-150000.44.1
    python-xml-2.7.18-150000.44.1
    python-xml-debuginfo-2.7.18-150000.44.1

- openSUSE Leap 15.4 (noarch):

    python-doc-2.7.18-150000.44.1
    python-doc-pdf-2.7.18-150000.44.1

- openSUSE Leap 15.4 (x86_64):

    libpython2_7-1_0-32bit-2.7.18-150000.44.1
    libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.44.1
    python-32bit-2.7.18-150000.44.1
    python-32bit-debuginfo-2.7.18-150000.44.1
      python-base-32bit-2.7.18-150000.44.1
      python-base-32bit-debuginfo-2.7.18-150000.44.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-demo-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-idle-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - openSUSE Leap 15.3 (noarch):

      python-doc-2.7.18-150000.44.1
      python-doc-pdf-2.7.18-150000.44.1

   - openSUSE Leap 15.3 (x86_64):

      libpython2_7-1_0-32bit-2.7.18-150000.44.1
      libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.44.1
      python-32bit-2.7.18-150000.44.1
      python-32bit-debuginfo-2.7.18-150000.44.1
      python-base-32bit-2.7.18-150000.44.1
      python-base-32bit-debuginfo-2.7.18-150000.44.1

   - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1

References:

   https://www.suse.com/security/cve/CVE-2021-28861.html
   https://bugzilla.suse.com/1202624

From sle-updates at lists.suse.com Tue Oct 4 13:25:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:25:02 +0200 (CEST)
Subject: SUSE-RU-2022:3504-1: moderate: Recommended update for pacemaker
Message-ID: <20221004132502.A05F9FD57@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3504-1
Rating:             moderate
References:         #1129707 #1196340
Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP4
                    SUSE Linux Enterprise High Performance Computing 12-SP4
                    SUSE Linux Enterprise Server 12-SP4
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for pacemaker fixes the following issues:

   - scheduler: do not enforce resource stop if any new probe/monitor
     indicates the resource was not running on the target (bsc#1196340)
   - OCF: controld: Give warning when no-quorum-policy not set as freeze
     while using DLM (bsc#1129707)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 12-SP4:

      zypper in -t patch SUSE-SLE-HA-12-SP4-2022-3504=1

Package List:

   - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):

      libpacemaker3-1.1.19+20181105.ccd6b5b10-3.34.3
      libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.34.3
      pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.34.3

References:

   https://bugzilla.suse.com/1129707
   https://bugzilla.suse.com/1196340

From sle-updates at lists.suse.com Tue Oct 4 13:25:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:25:42 +0200 (CEST)
Subject: SUSE-SU-2022:3500-1: important: Security update for bind
Message-ID: <20221004132542.8D42DFD57@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3500-1
Rating:             important
References:         #1203614 #1203619
Cross-References:   CVE-2022-2795 CVE-2022-38177
CVSS scores:
                    CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for bind fixes the following issues:

   - CVE-2022-2795: Fixed potential performance degradation due to missing
     database lookup limits when processing large delegations (bsc#1203614).
   - CVE-2022-38177: Fixed a memory leak that could be externally triggered
     in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP3-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3500=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3500=1

Package List:

   - SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      bind-doc-9.9.9P1-63.37.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      bind-9.9.9P1-63.37.1
      bind-chrootenv-9.9.9P1-63.37.1
      bind-debuginfo-9.9.9P1-63.37.1
      bind-debugsource-9.9.9P1-63.37.1
      bind-libs-32bit-9.9.9P1-63.37.1
      bind-libs-9.9.9P1-63.37.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.37.1
      bind-libs-debuginfo-9.9.9P1-63.37.1
      bind-utils-9.9.9P1-63.37.1
      bind-utils-debuginfo-9.9.9P1-63.37.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      bind-9.9.9P1-63.37.1
      bind-chrootenv-9.9.9P1-63.37.1
      bind-debuginfo-9.9.9P1-63.37.1
      bind-debugsource-9.9.9P1-63.37.1
      bind-libs-32bit-9.9.9P1-63.37.1
      bind-libs-9.9.9P1-63.37.1
      bind-libs-debuginfo-32bit-9.9.9P1-63.37.1
      bind-libs-debuginfo-9.9.9P1-63.37.1
      bind-utils-9.9.9P1-63.37.1
      bind-utils-debuginfo-9.9.9P1-63.37.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      bind-doc-9.9.9P1-63.37.1

References:

   https://www.suse.com/security/cve/CVE-2022-2795.html
   https://www.suse.com/security/cve/CVE-2022-38177.html
   https://bugzilla.suse.com/1203614
   https://bugzilla.suse.com/1203619

From sle-updates at lists.suse.com Tue Oct 4 13:26:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:26:25 +0200 (CEST)
Subject: SUSE-RU-2022:3508-1: Recommended update for clamsap
Message-ID: <20221004132625.D387BFD57@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for clamsap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3508-1
Rating:             low
References:         #1200699
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for clamsap fixes the following issues:

   - Add reference to bsc#1200699 in the changelog (bsc#1200699).

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP5:

      zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-3508=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3508=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64):

      clamsap-0.104.3-3.12.1
      clamsap-debuginfo-0.104.3-3.12.1
      clamsap-debugsource-0.104.3-3.12.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

      clamsap-0.104.3-3.12.1
      clamsap-debuginfo-0.104.3-3.12.1
      clamsap-debugsource-0.104.3-3.12.1

References:

   https://bugzilla.suse.com/1200699

From sle-updates at lists.suse.com Tue Oct 4 13:27:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:27:02 +0200 (CEST)
Subject: SUSE-SU-2022:3497-1: important: Security update for slurm
Message-ID: <20221004132702.19126FD98@maintenance.suse.de>

   SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3497-1
Rating:             important
References:         #1199278 #1199279 #1201674
Cross-References:   CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
                    CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for slurm fixes the following issues:

   - CVE-2022-31251: Fixed a potential security vulnerability in the test
     package (bsc#1201674).
   - CVE-2022-29500: Fixed architectural flaw that could have been exploited
     to allow an unprivileged user to execute arbitrary processes as root
     (bsc#1199278).
   - CVE-2022-29501: Fixed a problem where an unprivileged user could have
     sent data to an arbitrary unix socket as root (bsc#1199279).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for HPC 12:

      zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3497=1

Package List:

   - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):

      libpmi0-17.02.11-6.53.1
      libpmi0-debuginfo-17.02.11-6.53.1
      libslurm31-17.02.11-6.53.1
      libslurm31-debuginfo-17.02.11-6.53.1
      perl-slurm-17.02.11-6.53.1
      perl-slurm-debuginfo-17.02.11-6.53.1
      slurm-17.02.11-6.53.1
      slurm-auth-none-17.02.11-6.53.1
      slurm-auth-none-debuginfo-17.02.11-6.53.1
      slurm-config-17.02.11-6.53.1
      slurm-debuginfo-17.02.11-6.53.1
      slurm-debugsource-17.02.11-6.53.1
      slurm-devel-17.02.11-6.53.1
      slurm-doc-17.02.11-6.53.1
      slurm-lua-17.02.11-6.53.1
      slurm-lua-debuginfo-17.02.11-6.53.1
      slurm-munge-17.02.11-6.53.1
      slurm-munge-debuginfo-17.02.11-6.53.1
      slurm-pam_slurm-17.02.11-6.53.1
      slurm-pam_slurm-debuginfo-17.02.11-6.53.1
      slurm-plugins-17.02.11-6.53.1
      slurm-plugins-debuginfo-17.02.11-6.53.1
      slurm-sched-wiki-17.02.11-6.53.1
      slurm-slurmdb-direct-17.02.11-6.53.1
      slurm-slurmdbd-17.02.11-6.53.1
      slurm-slurmdbd-debuginfo-17.02.11-6.53.1
      slurm-sql-17.02.11-6.53.1
      slurm-sql-debuginfo-17.02.11-6.53.1
      slurm-torque-17.02.11-6.53.1
      slurm-torque-debuginfo-17.02.11-6.53.1

References:

   https://www.suse.com/security/cve/CVE-2022-29500.html
   https://www.suse.com/security/cve/CVE-2022-29501.html
   https://www.suse.com/security/cve/CVE-2022-31251.html
   https://bugzilla.suse.com/1199278
   https://bugzilla.suse.com/1199279
   https://bugzilla.suse.com/1201674

From sle-updates at lists.suse.com Tue Oct 4 13:28:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:28:16 +0200 (CEST)
Subject: SUSE-SU-2022:3494-1: important: Security update for libgit2
Message-ID: <20221004132816.A50E0FD98@maintenance.suse.de>

   SUSE Security Update: Security update for libgit2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3494-1
Rating:             important
References:         #1198234 #1201431
Cross-References:   CVE-2022-24765 CVE-2022-29187
CVSS scores:
                    CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for libgit2 fixes the following issues:

   - CVE-2022-24765: Fixed potential command injection via git worktree
     (bsc#1198234).
   - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3494=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3494=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3494=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3494=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3494=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3494=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3494=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3494=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3494=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3494=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3494=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3494=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3494=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3494=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3494=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1

   - openSUSE Leap 15.4 (x86_64):

      libgit2-28-32bit-0.28.4-150200.3.3.1
      libgit2-28-32bit-debuginfo-0.28.4-150200.3.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - openSUSE Leap 15.3 (x86_64):

      libgit2-28-32bit-0.28.4-150200.3.3.1
      libgit2-28-32bit-debuginfo-0.28.4-150200.3.3.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Manager Proxy 4.1 (x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libgit2-28-0.28.4-150200.3.3.1
      libgit2-28-debuginfo-0.28.4-150200.3.3.1
      libgit2-debugsource-0.28.4-150200.3.3.1
      libgit2-devel-0.28.4-150200.3.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-24765.html
   https://www.suse.com/security/cve/CVE-2022-29187.html
   https://bugzilla.suse.com/1198234
   https://bugzilla.suse.com/1201431

From sle-updates at lists.suse.com Tue Oct 4 13:29:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:29:26 +0200 (CEST)
Subject: SUSE-RU-2022:3505-1: moderate: Recommended update for pacemaker
Message-ID: <20221004132926.1C3EDFD98@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3505-1
Rating:             moderate
References:         #1129707 #1196340 #1198409
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for pacemaker fixes the following issues:

   - OCF: controld: Give warning when no-quorum-policy not set as freeze
     while using DLM (bsc#1129707)
   - scheduler: do not enforce resource stop if any new probe/monitor
     indicates the resource was not running on the target (bsc#1196340)
   - tools: set commands in crm_resource before changing any options
     (bsc#1198409)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3505=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3505=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.24.1
      libpacemaker3-2.0.5+20201202.ba59be712-150300.4.24.1
      libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1

   - openSUSE Leap 15.3 (noarch):

      pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.24.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.24.1
      libpacemaker3-2.0.5+20201202.ba59be712-150300.4.24.1
      libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.24.1
      pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.24.1

   - SUSE Linux Enterprise High Availability 15-SP3 (noarch):

      pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.24.1

References:

   https://bugzilla.suse.com/1129707
   https://bugzilla.suse.com/1196340
   https://bugzilla.suse.com/1198409

From sle-updates at lists.suse.com Tue Oct 4 13:30:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:30:13 +0200 (CEST)
Subject: SUSE-RU-2022:3506-1: moderate: Recommended update for pacemaker
Message-ID: <20221004133013.AC2C9FD98@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for pacemaker
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3506-1
Rating:             moderate
References:         #1129707 #1196340 #1197668
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Storage 7
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that has three recommended fixes can now be installed.

Description:

   This update for pacemaker fixes the following issues:

   - OCF: controld: Give warning when no-quorum-policy not set as freeze
     while using DLM (bsc#1129707)
   - scheduler: do not enforce resource stop if any new probe/monitor
     indicates the resource was not running on the target (bsc#1196340)
   - Pacemaker high resolution timestamps (bsc#1197668)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3506=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      libpacemaker-devel-2.0.4+20200616.2deceaa3a-150200.3.18.1
      libpacemaker3-2.0.4+20200616.2deceaa3a-150200.3.18.1
      libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-cli-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-debugsource-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-remote-2.0.4+20200616.2deceaa3a-150200.3.18.1
      pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.18.1

   - SUSE Linux Enterprise High Availability 15-SP2 (noarch):

      pacemaker-cts-2.0.4+20200616.2deceaa3a-150200.3.18.1

References:

   https://bugzilla.suse.com/1129707
   https://bugzilla.suse.com/1196340
   https://bugzilla.suse.com/1197668

From sle-updates at lists.suse.com Tue Oct 4 13:31:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:31:00 +0200 (CEST)
Subject: SUSE-SU-2022:3503-1: moderate: Security update for nodejs12
Message-ID: <20221004133100.DCD6CFD57@maintenance.suse.de>

   SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3503-1
Rating:             moderate
References:         #1201325 #1203832
Cross-References:   CVE-2022-32213 CVE-2022-35256
CVSS scores:
                    CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for nodejs12 fixes the following issues:

   - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
   - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3503=1

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      nodejs12-12.22.12-1.54.1
      nodejs12-debuginfo-12.22.12-1.54.1
      nodejs12-debugsource-12.22.12-1.54.1
      nodejs12-devel-12.22.12-1.54.1
      npm12-12.22.12-1.54.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      nodejs12-docs-12.22.12-1.54.1

References:

   https://www.suse.com/security/cve/CVE-2022-32213.html
   https://www.suse.com/security/cve/CVE-2022-35256.html
   https://bugzilla.suse.com/1201325
   https://bugzilla.suse.com/1203832

From sle-updates at lists.suse.com Tue Oct 4 13:31:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:31:53 +0200 (CEST)
Subject: SUSE-SU-2022:3511-1: moderate: Security update for python3
Message-ID: <20221004133153.0AB5AFD57@maintenance.suse.de>

   SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3511-1
Rating:             moderate
References:         #1202624
Cross-References:   CVE-2021-28861
CVSS scores:
                    CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python3 fixes the following issues:

   - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
     server when a URI path starts with // (bsc#1202624).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3511=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3511=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3511=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      python3-base-debuginfo-3.4.10-25.96.1
      python3-base-debugsource-3.4.10-25.96.1
      python3-dbm-3.4.10-25.96.1
      python3-dbm-debuginfo-3.4.10-25.96.1
      python3-debuginfo-3.4.10-25.96.1
      python3-debugsource-3.4.10-25.96.1
      python3-devel-3.4.10-25.96.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):

      python3-devel-debuginfo-3.4.10-25.96.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpython3_4m1_0-3.4.10-25.96.1
      libpython3_4m1_0-debuginfo-3.4.10-25.96.1
      python3-3.4.10-25.96.1
      python3-base-3.4.10-25.96.1
      python3-base-debuginfo-3.4.10-25.96.1
      python3-base-debugsource-3.4.10-25.96.1
      python3-curses-3.4.10-25.96.1
      python3-curses-debuginfo-3.4.10-25.96.1
      python3-debuginfo-3.4.10-25.96.1
      python3-debugsource-3.4.10-25.96.1
      python3-devel-3.4.10-25.96.1
      python3-tk-3.4.10-25.96.1
      python3-tk-debuginfo-3.4.10-25.96.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):

      python3-devel-debuginfo-3.4.10-25.96.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libpython3_4m1_0-32bit-3.4.10-25.96.1
      libpython3_4m1_0-debuginfo-32bit-3.4.10-25.96.1
      python3-base-debuginfo-32bit-3.4.10-25.96.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      libpython3_4m1_0-3.4.10-25.96.1
      libpython3_4m1_0-debuginfo-3.4.10-25.96.1
      python3-3.4.10-25.96.1
      python3-base-3.4.10-25.96.1
      python3-base-debuginfo-3.4.10-25.96.1
      python3-base-debugsource-3.4.10-25.96.1
      python3-curses-3.4.10-25.96.1
      python3-debuginfo-3.4.10-25.96.1
      python3-debugsource-3.4.10-25.96.1

References:

   https://www.suse.com/security/cve/CVE-2021-28861.html
   https://bugzilla.suse.com/1202624

From sle-updates at lists.suse.com Tue Oct 4 13:33:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:33:11 +0200 (CEST)
Subject: SUSE-FU-2022:3501-1: important: Feature update for aws-cli, python-boto3, python-botocore
Message-ID: <20221004133311.BF7F7FD57@maintenance.suse.de>

   SUSE Feature Update: Feature update for aws-cli, python-boto3, python-botocore
______________________________________________________________________________

Announcement ID:    SUSE-FU-2022:3501-1
Rating:             important
References:         #1199716 PED-1851
Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP4
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that has one feature fix and contains one feature can now be installed.

Description:

   This update for aws-cli, python-boto3, python-botocore fixes the following issues:

   Update AWS SDK and CLI in SUSE Linux Enterprise 15 (bsc#1199716, jsc#PED-1851)

   aws-cli:

   - Update from version 1.20.7 to version 1.24.4 (bsc#1199716, jsc#PED-1851)
   - For detailed changes see packaged CHANGELOG.rst or
     https://raw.githubusercontent.com/aws/aws-cli/1.24.4/CHANGELOG.rst
   - Updated required dependencies

   python-boto3:

   - Update from version 1.18.7 to version 1.23.4 (bsc#1199716, jsc#PED-1851)
   - For detailed changes see
     https://github.com/boto/boto3/blob/develop/CHANGELOG.rst#1234
   - Updated required dependencies

   python-botocore:

   - Update from version 1.21.7 to version 1.26.4 (bsc#1199716, jsc#PED-1851)
   - For detailed changes see
     https://github.com/boto/botocore/blob/develop/CHANGELOG.rst#1264
   - Updated required dependencies

Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3501=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3501=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3501=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3501=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3501=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3501=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3501=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3501=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3501=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3501=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3501=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3501=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3501=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3501=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3501=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3501=1 Package List: - openSUSE Leap 
Micro 5.2 (noarch): aws-cli-1.24.4-150200.30.8.1 python3-botocore-1.26.4-150200.37.9.1 - openSUSE Leap 15.4 (noarch): aws-cli-1.24.4-150200.30.8.1 python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - openSUSE Leap 15.3 (noarch): aws-cli-1.24.4-150200.30.8.1 python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Manager Server 4.1 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Manager Proxy 4.1 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): aws-cli-1.24.4-150200.30.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): aws-cli-1.24.4-150200.30.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-cli-1.24.4-150200.30.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise Micro 5.2 (noarch): aws-cli-1.24.4-150200.30.8.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): python3-boto3-1.23.4-150200.23.9.1 
python3-botocore-1.26.4-150200.37.9.1 - SUSE Enterprise Storage 7 (noarch): python3-boto3-1.23.4-150200.23.9.1 python3-botocore-1.26.4-150200.37.9.1 References: https://bugzilla.suse.com/1199716 From sle-updates at lists.suse.com Tue Oct 4 13:34:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:34:51 +0200 (CEST) Subject: SUSE-SU-2022:3496-1: moderate: Security update for colord Message-ID: <20221004133451.40389FD57@maintenance.suse.de> SUSE Security Update: Security update for colord ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3496-1 Rating: moderate References: #1202802 Cross-References: CVE-2021-42523 CVSS scores: CVE-2021-42523 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42523 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for colord fixes the following issues: - CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3496=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3496=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3496=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3496=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3496=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): colord-1.4.5-150400.4.3.1 colord-color-profiles-1.4.5-150400.4.3.1 colord-debuginfo-1.4.5-150400.4.3.1 colord-debugsource-1.4.5-150400.4.3.1 libcolord-devel-1.4.5-150400.4.3.1 libcolord2-1.4.5-150400.4.3.1 libcolord2-debuginfo-1.4.5-150400.4.3.1 libcolorhug2-1.4.5-150400.4.3.1 libcolorhug2-debuginfo-1.4.5-150400.4.3.1 typelib-1_0-Colord-1_0-1.4.5-150400.4.3.1 typelib-1_0-Colorhug-1_0-1.4.5-150400.4.3.1 - openSUSE Leap 15.4 (noarch): colord-lang-1.4.5-150400.4.3.1 - openSUSE Leap 15.4 (x86_64): libcolord2-32bit-1.4.5-150400.4.3.1 libcolord2-32bit-debuginfo-1.4.5-150400.4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): colord-lang-1.4.5-150400.4.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): colord-1.4.5-150400.4.3.1 colord-debuginfo-1.4.5-150400.4.3.1 colord-debugsource-1.4.5-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): colord-color-profiles-1.4.5-150400.4.3.1 colord-debuginfo-1.4.5-150400.4.3.1 colord-debugsource-1.4.5-150400.4.3.1 libcolord-devel-1.4.5-150400.4.3.1 libcolorhug2-1.4.5-150400.4.3.1 libcolorhug2-debuginfo-1.4.5-150400.4.3.1 typelib-1_0-Colord-1_0-1.4.5-150400.4.3.1 typelib-1_0-Colorhug-1_0-1.4.5-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): 
colord-debuginfo-1.4.5-150400.4.3.1 colord-debugsource-1.4.5-150400.4.3.1 libcolord2-1.4.5-150400.4.3.1 libcolord2-debuginfo-1.4.5-150400.4.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): colord-debuginfo-1.4.5-150400.4.3.1 colord-debugsource-1.4.5-150400.4.3.1 libcolord2-1.4.5-150400.4.3.1 libcolord2-debuginfo-1.4.5-150400.4.3.1 References: https://www.suse.com/security/cve/CVE-2021-42523.html https://bugzilla.suse.com/1202802 From sle-updates at lists.suse.com Tue Oct 4 13:35:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:35:32 +0200 (CEST) Subject: SUSE-RU-2022:3507-1: moderate: Recommended update for pacemaker Message-ID: <20221004133532.F4129FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3507-1 Rating: moderate References: #1196340 #1197668 #1198409 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target (bsc#1196340) - tools: set commands in crm_resource before changing any options (bsc#1198409) - Pacemaker high resolution timestamps (bsc#1197668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3507=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3507=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.3.1 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.3.1 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 - openSUSE Leap 15.4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.3.1 libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.3.1 libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.3.1 pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.3.1 References: https://bugzilla.suse.com/1196340 https://bugzilla.suse.com/1197668 https://bugzilla.suse.com/1198409 From sle-updates at lists.suse.com Tue Oct 4 13:36:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:36:53 
+0200 (CEST) Subject: SUSE-SU-2022:3495-1: important: Security update for libgit2 Message-ID: <20221004133653.50872FD57@maintenance.suse.de> SUSE Security Update: Security update for libgit2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3495-1 Rating: important References: #1158790 #1158981 #1198234 #1201431 Cross-References: CVE-2019-1352 CVE-2022-24765 CVE-2022-29187 CVSS scores: CVE-2019-1352 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description:

   This update for libgit2 fixes the following issues:

   - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc#1158981).
   - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc#1158790).
   - CVE-2022-24765: Fixed potential command injection via git worktree (bsc#1198234).
   - CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3495=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3495=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3495=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3495=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3495=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3495=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3495=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3495=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3495=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3495=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3495=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3495=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3495=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3495=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3495=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-3495=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - openSUSE Leap 15.4 (x86_64):

      libgit2-26-32bit-0.26.8-150000.3.15.1
      libgit2-26-32bit-debuginfo-0.26.8-150000.3.15.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - openSUSE Leap 15.3 (x86_64):

      libgit2-26-32bit-0.26.8-150000.3.15.1
      libgit2-26-32bit-debuginfo-0.26.8-150000.3.15.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Manager Proxy 4.1 (x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libgit2-26-0.26.8-150000.3.15.1
      libgit2-26-debuginfo-0.26.8-150000.3.15.1
      libgit2-debugsource-0.26.8-150000.3.15.1
      libgit2-devel-0.26.8-150000.3.15.1

References:

   https://www.suse.com/security/cve/CVE-2019-1352.html
   https://www.suse.com/security/cve/CVE-2022-24765.html
   https://www.suse.com/security/cve/CVE-2022-29187.html
   https://bugzilla.suse.com/1158790
   https://bugzilla.suse.com/1158981
   https://bugzilla.suse.com/1198234
   https://bugzilla.suse.com/1201431

From sle-updates at lists.suse.com Tue Oct 4 13:38:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Oct 2022 15:38:28 +0200 (CEST)
Subject: SUSE-SU-2022:3502-1: important: Security update for webkit2gtk3
Message-ID: <20221004133828.34101FD57@maintenance.suse.de>

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3502-1
Rating:             important
References:         #1203530
Cross-References:   CVE-2022-32886 CVE-2022-32912
CVSS scores:
                    CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for webkit2gtk3 fixes the following issues:

   Updated to version 2.36.8 (bsc#1203530):

   - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution.
   - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3502=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3502=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3502=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3502=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3502=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3502=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3502=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3502=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3502=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-3502=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 
typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - 
SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150000.3.115.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-2.36.8-150000.3.115.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150000.3.115.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2-4_0-2.36.8-150000.3.115.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-2.36.8-150000.3.115.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150000.3.115.1 
webkit2gtk3-debugsource-2.36.8-150000.3.115.1 webkit2gtk3-devel-2.36.8-150000.3.115.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.36.8-150000.3.115.1 References: https://www.suse.com/security/cve/CVE-2022-32886.html https://www.suse.com/security/cve/CVE-2022-32912.html https://bugzilla.suse.com/1203530 From sle-updates at lists.suse.com Tue Oct 4 13:39:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:39:20 +0200 (CEST) Subject: SUSE-RU-2022:3510-1: moderate: Recommended update for pacemaker Message-ID: <20221004133920.2E011FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3510-1 Rating: moderate References: #1129707 #1196340 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target (bsc#1196340) - OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3510=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3510=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.24.3 libpacemaker3-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.24.3 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.24+20210811.f5abda0ee-3.24.3 libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cli-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-remote-1.1.24+20210811.f5abda0ee-3.24.3 pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.24.3 References: https://bugzilla.suse.com/1129707 https://bugzilla.suse.com/1196340 From sle-updates at lists.suse.com Tue Oct 4 13:40:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:40:11 +0200 (CEST) Subject: SUSE-SU-2022:3499-1: important: Security update for bind Message-ID: <20221004134011.30705FD57@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3499-1 Rating: important References: #1203614 #1203619 #1203620 Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178 CVSS 
scores: CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3499=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3499=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3499=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3499=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3499=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3499=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): bind-doc-9.11.22-3.43.1 python-bind-9.11.22-3.43.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): bind-9.11.22-3.43.1 bind-chrootenv-9.11.22-3.43.1 bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-utils-9.11.22-3.43.1 bind-utils-debuginfo-9.11.22-3.43.1 libbind9-161-9.11.22-3.43.1 libbind9-161-debuginfo-9.11.22-3.43.1 libdns1110-9.11.22-3.43.1 libdns1110-debuginfo-9.11.22-3.43.1 libirs161-9.11.22-3.43.1 libirs161-debuginfo-9.11.22-3.43.1 libisc1107-32bit-9.11.22-3.43.1 libisc1107-9.11.22-3.43.1 libisc1107-debuginfo-32bit-9.11.22-3.43.1 libisc1107-debuginfo-9.11.22-3.43.1 libisccc161-9.11.22-3.43.1 libisccc161-debuginfo-9.11.22-3.43.1 libisccfg163-9.11.22-3.43.1 libisccfg163-debuginfo-9.11.22-3.43.1 liblwres161-9.11.22-3.43.1 liblwres161-debuginfo-9.11.22-3.43.1 - SUSE OpenStack Cloud 9 (noarch): bind-doc-9.11.22-3.43.1 python-bind-9.11.22-3.43.1 - SUSE OpenStack Cloud 9 (x86_64): bind-9.11.22-3.43.1 bind-chrootenv-9.11.22-3.43.1 bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-utils-9.11.22-3.43.1 bind-utils-debuginfo-9.11.22-3.43.1 libbind9-161-9.11.22-3.43.1 libbind9-161-debuginfo-9.11.22-3.43.1 libdns1110-9.11.22-3.43.1 libdns1110-debuginfo-9.11.22-3.43.1 libirs161-9.11.22-3.43.1 libirs161-debuginfo-9.11.22-3.43.1 libisc1107-32bit-9.11.22-3.43.1 
libisc1107-9.11.22-3.43.1 libisc1107-debuginfo-32bit-9.11.22-3.43.1 libisc1107-debuginfo-9.11.22-3.43.1 libisccc161-9.11.22-3.43.1 libisccc161-debuginfo-9.11.22-3.43.1 libisccfg163-9.11.22-3.43.1 libisccfg163-debuginfo-9.11.22-3.43.1 liblwres161-9.11.22-3.43.1 liblwres161-debuginfo-9.11.22-3.43.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-devel-9.11.22-3.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bind-9.11.22-3.43.1 bind-chrootenv-9.11.22-3.43.1 bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-utils-9.11.22-3.43.1 bind-utils-debuginfo-9.11.22-3.43.1 libbind9-161-9.11.22-3.43.1 libbind9-161-debuginfo-9.11.22-3.43.1 libdns1110-9.11.22-3.43.1 libdns1110-debuginfo-9.11.22-3.43.1 libirs161-9.11.22-3.43.1 libirs161-debuginfo-9.11.22-3.43.1 libisc1107-9.11.22-3.43.1 libisc1107-debuginfo-9.11.22-3.43.1 libisccc161-9.11.22-3.43.1 libisccc161-debuginfo-9.11.22-3.43.1 libisccfg163-9.11.22-3.43.1 libisccfg163-debuginfo-9.11.22-3.43.1 liblwres161-9.11.22-3.43.1 liblwres161-debuginfo-9.11.22-3.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bind-doc-9.11.22-3.43.1 python-bind-9.11.22-3.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libisc1107-32bit-9.11.22-3.43.1 libisc1107-debuginfo-32bit-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.43.1 bind-chrootenv-9.11.22-3.43.1 bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-utils-9.11.22-3.43.1 bind-utils-debuginfo-9.11.22-3.43.1 libbind9-161-9.11.22-3.43.1 libbind9-161-debuginfo-9.11.22-3.43.1 libdns1110-9.11.22-3.43.1 libdns1110-debuginfo-9.11.22-3.43.1 libirs161-9.11.22-3.43.1 libirs161-debuginfo-9.11.22-3.43.1 libisc1107-9.11.22-3.43.1 libisc1107-debuginfo-9.11.22-3.43.1 libisccc161-9.11.22-3.43.1 libisccc161-debuginfo-9.11.22-3.43.1 libisccfg163-9.11.22-3.43.1 
libisccfg163-debuginfo-9.11.22-3.43.1 liblwres161-9.11.22-3.43.1 liblwres161-debuginfo-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libisc1107-32bit-9.11.22-3.43.1 libisc1107-debuginfo-32bit-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bind-doc-9.11.22-3.43.1 python-bind-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bind-9.11.22-3.43.1 bind-chrootenv-9.11.22-3.43.1 bind-debuginfo-9.11.22-3.43.1 bind-debugsource-9.11.22-3.43.1 bind-utils-9.11.22-3.43.1 bind-utils-debuginfo-9.11.22-3.43.1 libbind9-161-9.11.22-3.43.1 libbind9-161-debuginfo-9.11.22-3.43.1 libdns1110-9.11.22-3.43.1 libdns1110-debuginfo-9.11.22-3.43.1 libirs161-9.11.22-3.43.1 libirs161-debuginfo-9.11.22-3.43.1 libisc1107-9.11.22-3.43.1 libisc1107-debuginfo-9.11.22-3.43.1 libisccc161-9.11.22-3.43.1 libisccc161-debuginfo-9.11.22-3.43.1 libisccfg163-9.11.22-3.43.1 libisccfg163-debuginfo-9.11.22-3.43.1 liblwres161-9.11.22-3.43.1 liblwres161-debuginfo-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libisc1107-32bit-9.11.22-3.43.1 libisc1107-debuginfo-32bit-9.11.22-3.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bind-doc-9.11.22-3.43.1 python-bind-9.11.22-3.43.1 References: https://www.suse.com/security/cve/CVE-2022-2795.html https://www.suse.com/security/cve/CVE-2022-38177.html https://www.suse.com/security/cve/CVE-2022-38178.html https://bugzilla.suse.com/1203614 https://bugzilla.suse.com/1203619 https://bugzilla.suse.com/1203620 From sle-updates at lists.suse.com Tue Oct 4 13:41:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 15:41:05 +0200 (CEST) Subject: SUSE-RU-2022:3509-1: Recommended update for libqb Message-ID: <20221004134105.291BEFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3509-1 
Rating: low References: #1075418 #1188212 #1192470 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libqb fixes the following issues: - Fix linker (bsc#1192470) - log: callsite symbols of main object are also handled in initializer (bsc#1075418) - IPC: server: avoid temporary channel priority loss (bsc#1188212) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3509=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3509=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3509=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libqb0-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-150000.3.6.1 - openSUSE Leap 15.4 (x86_64): libqb0-32bit-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-32bit-debuginfo-1.0.3+20171226.6d62b64-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libqb0-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-150000.3.6.1 - openSUSE Leap 15.3 (x86_64): libqb0-32bit-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-32bit-debuginfo-1.0.3+20171226.6d62b64-150000.3.6.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libqb-debugsource-1.0.3+20171226.6d62b64-150000.3.6.1 libqb-devel-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-1.0.3+20171226.6d62b64-150000.3.6.1 libqb0-debuginfo-1.0.3+20171226.6d62b64-150000.3.6.1 
References: https://bugzilla.suse.com/1075418 https://bugzilla.suse.com/1188212 https://bugzilla.suse.com/1192470 From sle-updates at lists.suse.com Tue Oct 4 16:20:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:20:23 +0200 (CEST) Subject: SUSE-SU-2022:3516-1: moderate: Security update for nodejs14 Message-ID: <20221004162023.CCB4FFD57@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3516-1 Rating: moderate References: #1201325 #1203832 Cross-References: CVE-2022-32213 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3516=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.20.1-6.34.1 nodejs14-debuginfo-14.20.1-6.34.1 nodejs14-debugsource-14.20.1-6.34.1 nodejs14-devel-14.20.1-6.34.1 npm14-14.20.1-6.34.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.20.1-6.34.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1203832 From sle-updates at lists.suse.com Tue Oct 4 16:21:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:21:05 +0200 (CEST) Subject: SUSE-RU-2022:3518-1: moderate: Recommended update for kiwi-templates-Minimal Message-ID: <20221004162105.5BA7DFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi-templates-Minimal ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3518-1 Rating: moderate References: SLE-7254 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. 
Description: This update for kiwi-templates-Minimal fixes the following issues: - Add cloud-init to VMware image (jsc#SLE-7254) - Change VMware to use lsilogic SCSI controller - Disable firewalld on VMware image - Do not enable jeos-firstboot on OpenStack-Cloud Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3518=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3518=1 Package List: - openSUSE Leap 15.4 (noarch): kiwi-templates-Minimal-15.4-150400.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kiwi-templates-Minimal-15.4-150400.3.4.1 References: From sle-updates at lists.suse.com Tue Oct 4 16:21:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:21:42 +0200 (CEST) Subject: SUSE-RU-2022:3521-1: critical: Recommended update for lvm2 Message-ID: <20221004162142.048AEFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3521-1 Rating: critical References: #1198523 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3521=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3521=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3521=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-150400.178.1 device-mapper-debuginfo-1.02.163-150400.178.1 device-mapper-devel-1.02.163-150400.178.1 libdevmapper-event1_03-1.02.163-150400.178.1 libdevmapper-event1_03-debuginfo-1.02.163-150400.178.1 libdevmapper1_03-1.02.163-150400.178.1 libdevmapper1_03-debuginfo-1.02.163-150400.178.1 liblvm2cmd2_03-2.03.05-150400.178.1 liblvm2cmd2_03-debuginfo-2.03.05-150400.178.1 lvm2-2.03.05-150400.178.1 lvm2-debuginfo-2.03.05-150400.178.1 lvm2-debugsource-2.03.05-150400.178.1 lvm2-devel-2.03.05-150400.178.1 lvm2-device-mapper-debugsource-2.03.05-150400.178.1 lvm2-lockd-2.03.05-150400.178.1 lvm2-lockd-debuginfo-2.03.05-150400.178.1 lvm2-lvmlockd-debugsource-2.03.05-150400.178.1 lvm2-testsuite-2.03.05-150400.178.1 lvm2-testsuite-debuginfo-2.03.05-150400.178.1 - openSUSE Leap 15.4 (x86_64): device-mapper-devel-32bit-1.02.163-150400.178.1 libdevmapper-event1_03-32bit-1.02.163-150400.178.1 libdevmapper-event1_03-32bit-debuginfo-1.02.163-150400.178.1 libdevmapper1_03-32bit-1.02.163-150400.178.1 libdevmapper1_03-32bit-debuginfo-1.02.163-150400.178.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-150400.178.1 device-mapper-debuginfo-1.02.163-150400.178.1 
device-mapper-devel-1.02.163-150400.178.1 libdevmapper-event1_03-1.02.163-150400.178.1 libdevmapper-event1_03-debuginfo-1.02.163-150400.178.1 libdevmapper1_03-1.02.163-150400.178.1 libdevmapper1_03-debuginfo-1.02.163-150400.178.1 liblvm2cmd2_03-2.03.05-150400.178.1 liblvm2cmd2_03-debuginfo-2.03.05-150400.178.1 lvm2-2.03.05-150400.178.1 lvm2-debuginfo-2.03.05-150400.178.1 lvm2-debugsource-2.03.05-150400.178.1 lvm2-devel-2.03.05-150400.178.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libdevmapper1_03-32bit-1.02.163-150400.178.1 libdevmapper1_03-32bit-debuginfo-1.02.163-150400.178.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-150400.178.1 lvm2-lockd-debuginfo-2.03.05-150400.178.1 lvm2-lvmlockd-debugsource-2.03.05-150400.178.1 References: https://bugzilla.suse.com/1198523 From sle-updates at lists.suse.com Tue Oct 4 16:22:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:22:23 +0200 (CEST) Subject: SUSE-FU-2022:3520-1: moderate: Feature update for dmidecode Message-ID: <20221004162223.AD464FD57@maintenance.suse.de> SUSE Feature Update: Feature update for dmidecode ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3520-1 Rating: moderate References: PED-411 SLE-24502 SLE-24591 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains three features can now be installed. 
Description: This feature update for dmidecode fixes the following issues: Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411): - Add bios-revision, firmware-revision and system-sku-number to `-s` option - Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240 - Decode system slot base bus width and peers - Document how the UUID fields are interpreted - Don't display the raw CPU ID in quiet mode - Don't use memcpy on /dev/mem on arm64 - Fix OEM vendor name matching - Fix small typo in NEWS file - Improve the formatting of the manual pages - Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases - Skip details of uninstalled memory modules - Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristic and new format of Processor ID - Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information) - Use the most appropriate unit for cache size Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3520=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3520=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3520=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): dmidecode-3.4-150400.16.3.1 dmidecode-debuginfo-3.4-150400.16.3.1 dmidecode-debugsource-3.4-150400.16.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): dmidecode-3.4-150400.16.3.1 dmidecode-debuginfo-3.4-150400.16.3.1 dmidecode-debugsource-3.4-150400.16.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64): dmidecode-3.4-150400.16.3.1 dmidecode-debuginfo-3.4-150400.16.3.1 dmidecode-debugsource-3.4-150400.16.3.1 References: From sle-updates at lists.suse.com Tue Oct 4 16:24:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:24:37 +0200 (CEST) Subject: SUSE-RU-2022:3517-1: moderate: Recommended update for patterns-sles Message-ID: <20221004162437.C3BE8FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3517-1 Rating: moderate References: #1196307 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for patterns-sles fixes the following issues: - downgrade requires of libopenssl-1_1-hmac to avoid explicit pulling in perhaps unwanted openssl 1.1.1 (bsc#1196307) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3517=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3517=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3517=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3517=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): patterns-sles-32bit-12-7.6.1 patterns-sles-Basis-Devel-12-7.6.1 patterns-sles-Basis-Devel-32bit-12-7.6.1 patterns-sles-Minimal-12-7.6.1 patterns-sles-Minimal-32bit-12-7.6.1 patterns-sles-WBEM-12-7.6.1 patterns-sles-WBEM-32bit-12-7.6.1 patterns-sles-apparmor-12-7.6.1 patterns-sles-apparmor-32bit-12-7.6.1 patterns-sles-base-12-7.6.1 patterns-sles-base-32bit-12-7.6.1 patterns-sles-dhcp_dns_server-12-7.6.1 patterns-sles-dhcp_dns_server-32bit-12-7.6.1 patterns-sles-directory_server-12-7.6.1 patterns-sles-directory_server-32bit-12-7.6.1 patterns-sles-documentation-12-7.6.1 patterns-sles-documentation-32bit-12-7.6.1 patterns-sles-file_server-12-7.6.1 patterns-sles-file_server-32bit-12-7.6.1 patterns-sles-fips-12-7.6.1 patterns-sles-fips-32bit-12-7.6.1 patterns-sles-gateway_server-12-7.6.1 patterns-sles-gateway_server-32bit-12-7.6.1 patterns-sles-kvm_server-12-7.6.1 patterns-sles-kvm_server-32bit-12-7.6.1 patterns-sles-kvm_tools-12-7.6.1 patterns-sles-kvm_tools-32bit-12-7.6.1 patterns-sles-lamp_server-12-7.6.1 patterns-sles-lamp_server-32bit-12-7.6.1 patterns-sles-laptop-12-7.6.1 patterns-sles-laptop-32bit-12-7.6.1 patterns-sles-mail_server-12-7.6.1 
patterns-sles-mail_server-32bit-12-7.6.1 patterns-sles-ofed-12-7.6.1 patterns-sles-ofed-32bit-12-7.6.1 patterns-sles-oracle_server-12-7.6.1 patterns-sles-oracle_server-32bit-12-7.6.1 patterns-sles-printing-12-7.6.1 patterns-sles-printing-32bit-12-7.6.1 patterns-sles-sap_server-12-7.6.1 patterns-sles-sap_server-32bit-12-7.6.1 patterns-sles-x11-12-7.6.1 patterns-sles-x11-32bit-12-7.6.1 patterns-sles-xen_server-12-7.6.1 patterns-sles-xen_server-32bit-12-7.6.1 patterns-sles-xen_tools-12-7.6.1 patterns-sles-xen_tools-32bit-12-7.6.1 patterns-sles-yast2-12-7.6.1 patterns-sles-yast2-32bit-12-7.6.1 - SUSE OpenStack Cloud 9 (x86_64): patterns-sles-32bit-12-7.6.1 patterns-sles-Basis-Devel-12-7.6.1 patterns-sles-Basis-Devel-32bit-12-7.6.1 patterns-sles-Minimal-12-7.6.1 patterns-sles-Minimal-32bit-12-7.6.1 patterns-sles-WBEM-12-7.6.1 patterns-sles-WBEM-32bit-12-7.6.1 patterns-sles-apparmor-12-7.6.1 patterns-sles-apparmor-32bit-12-7.6.1 patterns-sles-base-12-7.6.1 patterns-sles-base-32bit-12-7.6.1 patterns-sles-dhcp_dns_server-12-7.6.1 patterns-sles-dhcp_dns_server-32bit-12-7.6.1 patterns-sles-directory_server-12-7.6.1 patterns-sles-directory_server-32bit-12-7.6.1 patterns-sles-documentation-12-7.6.1 patterns-sles-documentation-32bit-12-7.6.1 patterns-sles-file_server-12-7.6.1 patterns-sles-file_server-32bit-12-7.6.1 patterns-sles-fips-12-7.6.1 patterns-sles-fips-32bit-12-7.6.1 patterns-sles-gateway_server-12-7.6.1 patterns-sles-gateway_server-32bit-12-7.6.1 patterns-sles-kvm_server-12-7.6.1 patterns-sles-kvm_server-32bit-12-7.6.1 patterns-sles-kvm_tools-12-7.6.1 patterns-sles-kvm_tools-32bit-12-7.6.1 patterns-sles-lamp_server-12-7.6.1 patterns-sles-lamp_server-32bit-12-7.6.1 patterns-sles-laptop-12-7.6.1 patterns-sles-laptop-32bit-12-7.6.1 patterns-sles-mail_server-12-7.6.1 patterns-sles-mail_server-32bit-12-7.6.1 patterns-sles-ofed-12-7.6.1 patterns-sles-ofed-32bit-12-7.6.1 patterns-sles-oracle_server-12-7.6.1 patterns-sles-oracle_server-32bit-12-7.6.1 
patterns-sles-printing-12-7.6.1 patterns-sles-printing-32bit-12-7.6.1 patterns-sles-sap_server-12-7.6.1 patterns-sles-sap_server-32bit-12-7.6.1 patterns-sles-x11-12-7.6.1 patterns-sles-x11-32bit-12-7.6.1 patterns-sles-xen_server-12-7.6.1 patterns-sles-xen_server-32bit-12-7.6.1 patterns-sles-xen_tools-12-7.6.1 patterns-sles-xen_tools-32bit-12-7.6.1 patterns-sles-yast2-12-7.6.1 patterns-sles-yast2-32bit-12-7.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): patterns-sles-Basis-Devel-12-7.6.1 patterns-sles-Minimal-12-7.6.1 patterns-sles-WBEM-12-7.6.1 patterns-sles-apparmor-12-7.6.1 patterns-sles-base-12-7.6.1 patterns-sles-dhcp_dns_server-12-7.6.1 patterns-sles-directory_server-12-7.6.1 patterns-sles-documentation-12-7.6.1 patterns-sles-file_server-12-7.6.1 patterns-sles-fips-12-7.6.1 patterns-sles-gateway_server-12-7.6.1 patterns-sles-lamp_server-12-7.6.1 patterns-sles-mail_server-12-7.6.1 patterns-sles-ofed-12-7.6.1 patterns-sles-printing-12-7.6.1 patterns-sles-sap_server-12-7.6.1 patterns-sles-x11-12-7.6.1 patterns-sles-yast2-12-7.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): patterns-sles-32bit-12-7.6.1 patterns-sles-Basis-Devel-32bit-12-7.6.1 patterns-sles-Minimal-32bit-12-7.6.1 patterns-sles-WBEM-32bit-12-7.6.1 patterns-sles-apparmor-32bit-12-7.6.1 patterns-sles-base-32bit-12-7.6.1 patterns-sles-dhcp_dns_server-32bit-12-7.6.1 patterns-sles-directory_server-32bit-12-7.6.1 patterns-sles-documentation-32bit-12-7.6.1 patterns-sles-file_server-32bit-12-7.6.1 patterns-sles-fips-32bit-12-7.6.1 patterns-sles-gateway_server-32bit-12-7.6.1 patterns-sles-kvm_server-12-7.6.1 patterns-sles-kvm_server-32bit-12-7.6.1 patterns-sles-kvm_tools-12-7.6.1 patterns-sles-kvm_tools-32bit-12-7.6.1 patterns-sles-lamp_server-32bit-12-7.6.1 patterns-sles-laptop-12-7.6.1 patterns-sles-laptop-32bit-12-7.6.1 patterns-sles-mail_server-32bit-12-7.6.1 patterns-sles-ofed-32bit-12-7.6.1 patterns-sles-oracle_server-12-7.6.1 patterns-sles-oracle_server-32bit-12-7.6.1 
patterns-sles-printing-32bit-12-7.6.1 patterns-sles-sap_server-32bit-12-7.6.1 patterns-sles-x11-32bit-12-7.6.1 patterns-sles-xen_server-12-7.6.1 patterns-sles-xen_server-32bit-12-7.6.1 patterns-sles-xen_tools-12-7.6.1 patterns-sles-xen_tools-32bit-12-7.6.1 patterns-sles-yast2-32bit-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): patterns-sles-Basis-Devel-12-7.6.1 patterns-sles-Minimal-12-7.6.1 patterns-sles-WBEM-12-7.6.1 patterns-sles-apparmor-12-7.6.1 patterns-sles-base-12-7.6.1 patterns-sles-dhcp_dns_server-12-7.6.1 patterns-sles-directory_server-12-7.6.1 patterns-sles-documentation-12-7.6.1 patterns-sles-file_server-12-7.6.1 patterns-sles-fips-12-7.6.1 patterns-sles-gateway_server-12-7.6.1 patterns-sles-lamp_server-12-7.6.1 patterns-sles-mail_server-12-7.6.1 patterns-sles-ofed-12-7.6.1 patterns-sles-printing-12-7.6.1 patterns-sles-x11-12-7.6.1 patterns-sles-yast2-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): patterns-sles-kvm_server-12-7.6.1 patterns-sles-kvm_tools-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): patterns-sles-sap_server-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): patterns-sles-32bit-12-7.6.1 patterns-sles-Basis-Devel-32bit-12-7.6.1 patterns-sles-Minimal-32bit-12-7.6.1 patterns-sles-WBEM-32bit-12-7.6.1 patterns-sles-apparmor-32bit-12-7.6.1 patterns-sles-base-32bit-12-7.6.1 patterns-sles-dhcp_dns_server-32bit-12-7.6.1 patterns-sles-directory_server-32bit-12-7.6.1 patterns-sles-documentation-32bit-12-7.6.1 patterns-sles-file_server-32bit-12-7.6.1 patterns-sles-fips-32bit-12-7.6.1 patterns-sles-gateway_server-32bit-12-7.6.1 patterns-sles-kvm_server-32bit-12-7.6.1 patterns-sles-kvm_tools-32bit-12-7.6.1 patterns-sles-lamp_server-32bit-12-7.6.1 patterns-sles-laptop-32bit-12-7.6.1 patterns-sles-mail_server-32bit-12-7.6.1 patterns-sles-ofed-32bit-12-7.6.1 patterns-sles-oracle_server-12-7.6.1 patterns-sles-oracle_server-32bit-12-7.6.1 
patterns-sles-printing-32bit-12-7.6.1 patterns-sles-sap_server-32bit-12-7.6.1 patterns-sles-x11-32bit-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): patterns-sles-laptop-12-7.6.1 patterns-sles-xen_server-12-7.6.1 patterns-sles-xen_server-32bit-12-7.6.1 patterns-sles-xen_tools-12-7.6.1 patterns-sles-xen_tools-32bit-12-7.6.1 patterns-sles-yast2-32bit-12-7.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): patterns-sles-hwcrypto-12-7.6.1 patterns-sles-hwcrypto-32bit-12-7.6.1 References: https://bugzilla.suse.com/1196307 From sle-updates at lists.suse.com Tue Oct 4 16:25:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:25:24 +0200 (CEST) Subject: SUSE-FU-2022:3522-1: moderate: Feature update for python-python-editor Message-ID: <20221004162524.A6EDFFD57@maintenance.suse.de> SUSE Feature Update: Feature update for python-python-editor ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3522-1 Rating: moderate References: SLE-24984 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for python-python-editor fixes the following issues: Version update from 1.0.3 to 1.0.4 (jsc#SLE-24984): - Clarify package summary and description - Remove superfluous devel dependency for noarch package Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3522=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3522=1 Package List: - openSUSE Leap 15.4 (noarch): python3-python-editor-1.0.4-150400.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-python-editor-1.0.4-150400.11.3.1 References: From sle-updates at lists.suse.com Tue Oct 4 16:23:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 18:23:28 +0200 (CEST) Subject: SUSE-RU-2022:3519-1: moderate: Recommended update for pciutils Message-ID: <20221004162328.230CAFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for pciutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3519-1 Rating: moderate References: #1192862 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for pciutils fixes the following issues: - Fix LnkCap speed recognition in lspci for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3519=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3519=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3519=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3519=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3519=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3519=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3519=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3519=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3519=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3519=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3519=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3519=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3519=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3519=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Manager Server 4.1 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Manager Proxy 4.1 (x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 
for SAP 15-SP2 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 
libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Enterprise Storage 7 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 - SUSE Enterprise Storage 6 (x86_64): libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 - SUSE CaaS Platform 4.0 
(x86_64): libpci3-3.5.6-150000.3.6.1 libpci3-32bit-3.5.6-150000.3.6.1 libpci3-32bit-debuginfo-3.5.6-150000.3.6.1 libpci3-debuginfo-3.5.6-150000.3.6.1 pciutils-3.5.6-150000.3.6.1 pciutils-debuginfo-3.5.6-150000.3.6.1 pciutils-debugsource-3.5.6-150000.3.6.1 pciutils-devel-3.5.6-150000.3.6.1 References: https://bugzilla.suse.com/1192862 From sle-updates at lists.suse.com Tue Oct 4 19:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Oct 2022 21:19:04 +0200 (CEST) Subject: SUSE-SU-2022:3523-1: moderate: Security update for libjpeg-turbo Message-ID: <20221004191904.B1592FD57@maintenance.suse.de> SUSE Security Update: Security update for libjpeg-turbo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3523-1 Rating: moderate References: #1202915 Cross-References: CVE-2020-35538 CVSS scores: CVE-2020-35538 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-35538 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3523=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3523=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3523=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3523=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3523=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3523=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3523=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3523=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libjpeg8-8.1.2-150000.32.5.1 libjpeg8-debuginfo-8.1.2-150000.32.5.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjpeg62-turbo-1.5.3-150000.32.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-150000.32.5.1 libjpeg-turbo-debuginfo-1.5.3-150000.32.5.1 libjpeg-turbo-debugsource-1.5.3-150000.32.5.1 libjpeg62-62.2.0-150000.32.5.1 libjpeg62-debuginfo-62.2.0-150000.32.5.1 libjpeg62-devel-62.2.0-150000.32.5.1 libjpeg62-turbo-1.5.3-150000.32.5.1 libjpeg62-turbo-debugsource-1.5.3-150000.32.5.1 libjpeg8-8.1.2-150000.32.5.1 libjpeg8-debuginfo-8.1.2-150000.32.5.1 libjpeg8-devel-8.1.2-150000.32.5.1 libturbojpeg0-8.1.2-150000.32.5.1 libturbojpeg0-debuginfo-8.1.2-150000.32.5.1 - openSUSE Leap 15.3 (x86_64): libjpeg62-32bit-62.2.0-150000.32.5.1 libjpeg62-32bit-debuginfo-62.2.0-150000.32.5.1 libjpeg62-devel-32bit-62.2.0-150000.32.5.1 libjpeg8-32bit-8.1.2-150000.32.5.1 
libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1 libjpeg8-devel-32bit-8.1.2-150000.32.5.1 libturbojpeg0-32bit-8.1.2-150000.32.5.1 libturbojpeg0-32bit-debuginfo-8.1.2-150000.32.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): libjpeg-turbo-1.5.3-150000.32.5.1 libjpeg-turbo-debuginfo-1.5.3-150000.32.5.1 libjpeg-turbo-debugsource-1.5.3-150000.32.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libjpeg8-32bit-8.1.2-150000.32.5.1 libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libjpeg8-32bit-8.1.2-150000.32.5.1 libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjpeg62-62.2.0-150000.32.5.1 libjpeg62-debuginfo-62.2.0-150000.32.5.1 libjpeg62-devel-62.2.0-150000.32.5.1 libjpeg8-8.1.2-150000.32.5.1 libjpeg8-debuginfo-8.1.2-150000.32.5.1 libjpeg8-devel-8.1.2-150000.32.5.1 libturbojpeg0-8.1.2-150000.32.5.1 libturbojpeg0-debuginfo-8.1.2-150000.32.5.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libjpeg8-8.1.2-150000.32.5.1 libjpeg8-debuginfo-8.1.2-150000.32.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libjpeg8-8.1.2-150000.32.5.1 libjpeg8-debuginfo-8.1.2-150000.32.5.1 References: https://www.suse.com/security/cve/CVE-2020-35538.html https://bugzilla.suse.com/1202915 From sle-updates at lists.suse.com Wed Oct 5 07:36:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 09:36:44 +0200 (CEST) Subject: SUSE-CU-2022:2457-1: Security update of bci/golang Message-ID: <20221005073644.55D2DFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2457-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.46 , bci/golang:latest Container Release : 2.46 Severity : important 
Type : security References : 1201942 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - glibc-devel-2.31-150300.41.1 updated - container:sles15-image-15.0.0-27.11.28 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.37.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 
removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Wed Oct 5 07:38:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 09:38:19 +0200 (CEST) Subject: SUSE-CU-2022:2458-1: Recommended update of bci/bci-init Message-ID: 
<20221005073819.B22E8FCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2458-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.22.32 , bci/bci-init:latest Container Release : 22.32 Severity : critical Type : recommended References : 1198523 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) The following package changes have been done: - libdevmapper1_03-1.02.163-150400.178.1 updated From sle-updates at lists.suse.com Wed Oct 5 07:39:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 09:39:37 +0200 (CEST) Subject: SUSE-CU-2022:2459-1: Security update of bci/nodejs Message-ID: <20221005073937.964BEFCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2459-1 Container Tags : bci/node:14 , bci/node:14-33.44 , bci/nodejs:14 , bci/nodejs:14-33.44 Container Release : 33.44 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.41.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - 
libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libudev1-249.12-150400.8.10.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - 
sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Wed Oct 5 13:19:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 15:19:14 +0200 (CEST) Subject: SUSE-SU-2022:3524-1: important: Security update for nodejs16 Message-ID: <20221005131914.AB37FFD57@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3524-1 Rating: important References: #1201325 #1201327 #1203831 #1203832 Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. 
Description: This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3524=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs16-16.17.1-8.12.1 nodejs16-debuginfo-16.17.1-8.12.1 nodejs16-debugsource-16.17.1-8.12.1 nodejs16-devel-16.17.1-8.12.1 npm16-16.17.1-8.12.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs16-docs-16.17.1-8.12.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832 From sle-updates at lists.suse.com Wed Oct 5 13:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 15:20:08 +0200 (CEST) Subject: SUSE-SU-2022:3525-1: moderate: Security update for cifs-utils Message-ID: <20221005132008.E3987FD57@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3525-1 Rating: moderate References: #1198976 Cross-References: CVE-2022-29869 CVSS scores: CVE-2022-29869 (NVD) 
: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-29869 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3525=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3525=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3525=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cifs-utils-6.15-150400.3.9.1 cifs-utils-debuginfo-6.15-150400.3.9.1 cifs-utils-debugsource-6.15-150400.3.9.1 cifs-utils-devel-6.15-150400.3.9.1 pam_cifscreds-6.15-150400.3.9.1 pam_cifscreds-debuginfo-6.15-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): cifs-utils-6.15-150400.3.9.1 cifs-utils-debuginfo-6.15-150400.3.9.1 cifs-utils-debugsource-6.15-150400.3.9.1 cifs-utils-devel-6.15-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): cifs-utils-6.15-150400.3.9.1 cifs-utils-debuginfo-6.15-150400.3.9.1 cifs-utils-debugsource-6.15-150400.3.9.1 References: 
https://www.suse.com/security/cve/CVE-2022-29869.html https://bugzilla.suse.com/1198976 From sle-updates at lists.suse.com Wed Oct 5 16:18:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 18:18:49 +0200 (CEST) Subject: SUSE-RU-2022:3526-1: moderate: Recommended update for yast2-storage Message-ID: <20221005161849.DC257FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-storage ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3526-1 Rating: moderate References: #1197208 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-storage fixes the following issues: - Partitioner: PVs are not wrongly removed when resizing a VG (bsc#1197208) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3526=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3526=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-storage-debuginfo-3.2.23-3.3.1 yast2-storage-debugsource-3.2.23-3.3.1 yast2-storage-devel-3.2.23-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-storage-3.2.23-3.3.1 yast2-storage-debuginfo-3.2.23-3.3.1 yast2-storage-debugsource-3.2.23-3.3.1 References: https://bugzilla.suse.com/1197208 From sle-updates at lists.suse.com Wed Oct 5 19:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 21:18:46 +0200 (CEST) Subject: SUSE-SU-2022:3529-1: important: Security update for sendmail Message-ID: <20221005191846.5B7A9FD57@maintenance.suse.de> SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3529-1 Rating: important References: #1164084 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for sendmail fixes the following issues: - Fixed SMTP session reuse leading to STARTTLS not used even if offered (bsc#1164084). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3529=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): sendmail-8.14.9-4.3.1 sendmail-debuginfo-8.14.9-4.3.1 sendmail-debugsource-8.14.9-4.3.1 References: https://bugzilla.suse.com/1164084 From sle-updates at lists.suse.com Wed Oct 5 19:19:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Oct 2022 21:19:19 +0200 (CEST) Subject: SUSE-SU-2022:3530-1: important: Security update for helm3 Message-ID: <20221005191919.46F26FD57@maintenance.suse.de> SUSE Security Update: Security update for helm3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3530-1 Rating: important References: #1203054 Cross-References: CVE-2022-36055 CVSS scores: CVE-2022-36055 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36055 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for helm3 fixes the following issues: - CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 4.0 (x86_64): helm3-3.3.3-150100.1.7.1 References: https://www.suse.com/security/cve/CVE-2022-36055.html https://bugzilla.suse.com/1203054 From sle-updates at lists.suse.com Thu Oct 6 13:24:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2022 15:24:42 +0200 (CEST) Subject: SUSE-SU-2022:3538-1: important: Security update for webkit2gtk3 Message-ID: <20221006132442.3F9E5FD57@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3538-1 Rating: important References: #1203530 Cross-References: CVE-2022-32886 CVE-2022-32912 CVSS scores: CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now 
available. Description: This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 (bsc#1203530): - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3538=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3538=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3538=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3538=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3538=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3538=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3538=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3538=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3538=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3538=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3538=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3538=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3538=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - openSUSE 
Leap 15.3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit-jsc-4-2.36.8-150200.47.1 webkit-jsc-4-debuginfo-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 webkit2gtk3-minibrowser-2.36.8-150200.47.1 webkit2gtk3-minibrowser-debuginfo-2.36.8-150200.47.1 - openSUSE Leap 15.3 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - openSUSE Leap 15.3 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-32bit-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.8-150200.47.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): 
libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-2.36.8-150200.47.1 libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1 typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1 
webkit2gtk3-debugsource-2.36.8-150200.47.1 webkit2gtk3-devel-2.36.8-150200.47.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.36.8-150200.47.1 References: https://www.suse.com/security/cve/CVE-2022-32886.html https://www.suse.com/security/cve/CVE-2022-32912.html https://bugzilla.suse.com/1203530 From sle-updates at lists.suse.com Thu Oct 6 13:25:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2022 15:25:58 +0200 (CEST) Subject: SUSE-SU-2022:3533-1: important: Security update for squid Message-ID: <20221006132558.1FE0CFD57@maintenance.suse.de> SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3533-1 Rating: important References: #1203677 #1203680 Cross-References: CVE-2022-41317 CVE-2022-41318 CVSS scores: CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3533=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3533=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3533=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3533=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3533=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3533=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE OpenStack Cloud 9 (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): squid-3.5.21-26.38.1 squid-debuginfo-3.5.21-26.38.1 squid-debugsource-3.5.21-26.38.1 References: https://www.suse.com/security/cve/CVE-2022-41317.html https://www.suse.com/security/cve/CVE-2022-41318.html https://bugzilla.suse.com/1203677 https://bugzilla.suse.com/1203680 From sle-updates at lists.suse.com Thu Oct 6 13:27:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2022 15:27:00 +0200 (CEST) Subject: SUSE-SU-2022:3537-1: important: Security update for postgresql-jdbc Message-ID: <20221006132700.607F7FD57@maintenance.suse.de> SUSE Security 
Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3537-1 Rating: important References: #1202170 Cross-References: CVE-2022-31197 CVSS scores: CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3537=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3537=1 Package List: - openSUSE Leap 15.4 (noarch): postgresql-jdbc-42.2.25-150400.3.6.1 postgresql-jdbc-javadoc-42.2.25-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql-jdbc-42.2.25-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-31197.html https://bugzilla.suse.com/1202170 From sle-updates at lists.suse.com Thu Oct 6 13:28:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2022 15:28:00 +0200 (CEST) Subject: SUSE-SU-2022:3541-1: important: Security update for postgresql-jdbc Message-ID: <20221006132800.8EA63FD57@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3541-1 Rating: important References: #1202170 Cross-References: CVE-2022-31197 CVSS scores: CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3541=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3541=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3541=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3541=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3541=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3541=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3541=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE OpenStack Cloud 9 (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): postgresql-jdbc-9.4-3.6.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql-jdbc-9.4-3.6.3 References: https://www.suse.com/security/cve/CVE-2022-31197.html https://bugzilla.suse.com/1202170 From sle-updates at lists.suse.com Thu Oct 6 13:29:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Oct 2022 15:29:16 +0200 (CEST) Subject: SUSE-SU-2022:1040-3: moderate: Security update for protobuf Message-ID: <20221006132916.BF496FD57@maintenance.suse.de> SUSE Security Update: Security update for protobuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1040-3 Rating: moderate 
References: #1195258 Cross-References: CVE-2021-22570 CVSS scores: CVE-2021-22570 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-22570 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1040=1

   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1040=1

   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1040=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1040=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1040=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1040=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1040=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1040=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1040=1

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-1040=1

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Manager Proxy 4.1 (x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-java-3.9.2-4.12.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      libprotobuf-lite20-3.9.2-4.12.1
      libprotobuf-lite20-debuginfo-3.9.2-4.12.1
      libprotobuf20-3.9.2-4.12.1
      libprotobuf20-debuginfo-3.9.2-4.12.1
      libprotoc20-3.9.2-4.12.1
      libprotoc20-debuginfo-3.9.2-4.12.1
      protobuf-debugsource-3.9.2-4.12.1
      protobuf-devel-3.9.2-4.12.1
      protobuf-devel-debuginfo-3.9.2-4.12.1

References:

   https://www.suse.com/security/cve/CVE-2021-22570.html
   https://bugzilla.suse.com/1195258

From sle-updates at lists.suse.com Thu Oct 6 13:30:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 15:30:27 +0200 (CEST)
Subject: SUSE-SU-2022:3535-1: important: Security update for slurm
Message-ID: <20221006133027.87DD1FD57@maintenance.suse.de>

   SUSE Security Update: Security update for slurm
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3535-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
   CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-LTSS
   openSUSE Leap 15.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.
Description:

   This update for slurm fixes the following issues:

   - CVE-2022-31251: Fixed a potential security vulnerability in the test package (bsc#1201674).
   - CVE-2022-29500: Fixed architectural flaw that could have been exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278).
   - CVE-2022-29501: Fixed a problem that an unprivileged user could have sent data to arbitrary unix socket as root (bsc#1199279).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3535=1

   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3535=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3535=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3535=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      libslurm32-17.11.13-150000.6.40.1
      libslurm32-debuginfo-17.11.13-150000.6.40.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      libslurm32-17.11.13-150000.6.40.1
      libslurm32-debuginfo-17.11.13-150000.6.40.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      libpmi0-17.11.13-150000.6.40.1
      libpmi0-debuginfo-17.11.13-150000.6.40.1
      libslurm32-17.11.13-150000.6.40.1
      libslurm32-debuginfo-17.11.13-150000.6.40.1
      perl-slurm-17.11.13-150000.6.40.1
      perl-slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-17.11.13-150000.6.40.1
      slurm-auth-none-17.11.13-150000.6.40.1
      slurm-auth-none-debuginfo-17.11.13-150000.6.40.1
      slurm-config-17.11.13-150000.6.40.1
      slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-debugsource-17.11.13-150000.6.40.1
      slurm-devel-17.11.13-150000.6.40.1
      slurm-doc-17.11.13-150000.6.40.1
      slurm-lua-17.11.13-150000.6.40.1
      slurm-lua-debuginfo-17.11.13-150000.6.40.1
      slurm-munge-17.11.13-150000.6.40.1
      slurm-munge-debuginfo-17.11.13-150000.6.40.1
      slurm-node-17.11.13-150000.6.40.1
      slurm-node-debuginfo-17.11.13-150000.6.40.1
      slurm-pam_slurm-17.11.13-150000.6.40.1
      slurm-pam_slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-plugins-17.11.13-150000.6.40.1
      slurm-plugins-debuginfo-17.11.13-150000.6.40.1
      slurm-slurmdbd-17.11.13-150000.6.40.1
      slurm-slurmdbd-debuginfo-17.11.13-150000.6.40.1
      slurm-sql-17.11.13-150000.6.40.1
      slurm-sql-debuginfo-17.11.13-150000.6.40.1
      slurm-torque-17.11.13-150000.6.40.1
      slurm-torque-debuginfo-17.11.13-150000.6.40.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      libpmi0-17.11.13-150000.6.40.1
      libpmi0-debuginfo-17.11.13-150000.6.40.1
      libslurm32-17.11.13-150000.6.40.1
      libslurm32-debuginfo-17.11.13-150000.6.40.1
      perl-slurm-17.11.13-150000.6.40.1
      perl-slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-17.11.13-150000.6.40.1
      slurm-auth-none-17.11.13-150000.6.40.1
      slurm-auth-none-debuginfo-17.11.13-150000.6.40.1
      slurm-config-17.11.13-150000.6.40.1
      slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-debugsource-17.11.13-150000.6.40.1
      slurm-devel-17.11.13-150000.6.40.1
      slurm-doc-17.11.13-150000.6.40.1
      slurm-lua-17.11.13-150000.6.40.1
      slurm-lua-debuginfo-17.11.13-150000.6.40.1
      slurm-munge-17.11.13-150000.6.40.1
      slurm-munge-debuginfo-17.11.13-150000.6.40.1
      slurm-node-17.11.13-150000.6.40.1
      slurm-node-debuginfo-17.11.13-150000.6.40.1
      slurm-pam_slurm-17.11.13-150000.6.40.1
      slurm-pam_slurm-debuginfo-17.11.13-150000.6.40.1
      slurm-plugins-17.11.13-150000.6.40.1
      slurm-plugins-debuginfo-17.11.13-150000.6.40.1
      slurm-slurmdbd-17.11.13-150000.6.40.1
      slurm-slurmdbd-debuginfo-17.11.13-150000.6.40.1
      slurm-sql-17.11.13-150000.6.40.1
      slurm-sql-debuginfo-17.11.13-150000.6.40.1
      slurm-torque-17.11.13-150000.6.40.1
      slurm-torque-debuginfo-17.11.13-150000.6.40.1

References:

   https://www.suse.com/security/cve/CVE-2022-29500.html
   https://www.suse.com/security/cve/CVE-2022-29501.html
   https://www.suse.com/security/cve/CVE-2022-31251.html
   https://bugzilla.suse.com/1199278
   https://bugzilla.suse.com/1199279
   https://bugzilla.suse.com/1201674

From sle-updates at lists.suse.com Thu Oct 6 13:31:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 15:31:28 +0200 (CEST)
Subject: SUSE-SU-2022:3540-1: moderate: Security update for LibVNCServer
Message-ID: <20221006133128.C26F3FD57@maintenance.suse.de>

   SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3540-1
Rating: moderate
References: #1203106
Cross-References: CVE-2020-29260
CVSS scores:
   CVE-2020-29260 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2020-29260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Workstation Extension 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for LibVNCServer fixes the following issues:

   - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3540=1

   - SUSE Linux Enterprise Workstation Extension 15-SP4:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3540=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3540=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      LibVNCServer-debugsource-0.9.13-150400.3.3.1
      LibVNCServer-devel-0.9.13-150400.3.3.1
      libvncclient1-0.9.13-150400.3.3.1
      libvncclient1-debuginfo-0.9.13-150400.3.3.1
      libvncserver1-0.9.13-150400.3.3.1
      libvncserver1-debuginfo-0.9.13-150400.3.3.1

   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
      LibVNCServer-debugsource-0.9.13-150400.3.3.1
      libvncclient1-0.9.13-150400.3.3.1
      libvncclient1-debuginfo-0.9.13-150400.3.3.1
      libvncserver1-0.9.13-150400.3.3.1
      libvncserver1-debuginfo-0.9.13-150400.3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
      LibVNCServer-debugsource-0.9.13-150400.3.3.1
      libvncclient1-0.9.13-150400.3.3.1
      libvncclient1-debuginfo-0.9.13-150400.3.3.1
      libvncserver1-0.9.13-150400.3.3.1
      libvncserver1-debuginfo-0.9.13-150400.3.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-29260.html
   https://bugzilla.suse.com/1203106

From sle-updates at lists.suse.com Thu Oct 6 13:32:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 15:32:18 +0200 (CEST)
Subject: SUSE-SU-2022:3532-1: important: Security update for squid
Message-ID: <20221006133218.F04D0FD57@maintenance.suse.de>

   SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3532-1
Rating: important
References: #1203677 #1203680
Cross-References: CVE-2022-41317 CVE-2022-41318
CVSS scores:
   CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for squid fixes the following issues:

   - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
   - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3532=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      squid-4.17-4.27.1
      squid-debuginfo-4.17-4.27.1
      squid-debugsource-4.17-4.27.1

References:

   https://www.suse.com/security/cve/CVE-2022-41317.html
   https://www.suse.com/security/cve/CVE-2022-41318.html
   https://bugzilla.suse.com/1203677
   https://bugzilla.suse.com/1203680

From sle-updates at lists.suse.com Thu Oct 6 13:33:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 15:33:12 +0200 (CEST)
Subject: SUSE-SU-2022:3531-1: important: Security update for squid
Message-ID: <20221006133312.C9B79FD57@maintenance.suse.de>

   SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3531-1
Rating: important
References: #1203677 #1203680
Cross-References: CVE-2022-41317 CVE-2022-41318
CVSS scores:
   CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Module for Server Applications 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for squid fixes the following issues:

   Updated squid to version 5.7:

   - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677).
   - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3531=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3531=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      squid-5.7-150400.3.6.1
      squid-debuginfo-5.7-150400.3.6.1
      squid-debugsource-5.7-150400.3.6.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
      squid-5.7-150400.3.6.1
      squid-debuginfo-5.7-150400.3.6.1
      squid-debugsource-5.7-150400.3.6.1

References:

   https://www.suse.com/security/cve/CVE-2022-41317.html
   https://www.suse.com/security/cve/CVE-2022-41318.html
   https://bugzilla.suse.com/1203677
   https://bugzilla.suse.com/1203680

From sle-updates at lists.suse.com Thu Oct 6 16:22:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 18:22:05 +0200 (CEST)
Subject: SUSE-SU-2022:3544-1: important: Security update for python3
Message-ID: <20221006162205.5FEBEFD57@maintenance.suse.de>

   SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3544-1
Rating: important
References: #1202624
Cross-References: CVE-2021-28861
CVSS scores:
   CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
   CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
   SUSE Linux Enterprise Desktop 15-SP3
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP3
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Basesystem 15-SP3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Module for Development Tools 15-SP3
   SUSE Linux Enterprise Module for Development Tools 15-SP4
   SUSE Linux Enterprise Server 15-SP3
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP3
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Linux Enterprise Storage 7.1
   SUSE Manager Proxy 4.2
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.2
   SUSE Manager Server 4.3
   openSUSE Leap 15.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python3 fixes the following issues:

   - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3544=1

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3544=1

   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3544=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3544=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3544=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3544=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3544=1

   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3544=1

   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3544=1

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-curses-3.6.15-150300.10.30.1
      python3-curses-debuginfo-3.6.15-150300.10.30.1
      python3-dbm-3.6.15-150300.10.30.1
      python3-dbm-debuginfo-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1
      python3-devel-3.6.15-150300.10.30.1
      python3-devel-debuginfo-3.6.15-150300.10.30.1
      python3-doc-3.6.15-150300.10.30.1
      python3-doc-devhelp-3.6.15-150300.10.30.1
      python3-idle-3.6.15-150300.10.30.1
      python3-testsuite-3.6.15-150300.10.30.1
      python3-testsuite-debuginfo-3.6.15-150300.10.30.1
      python3-tk-3.6.15-150300.10.30.1
      python3-tk-debuginfo-3.6.15-150300.10.30.1
      python3-tools-3.6.15-150300.10.30.1

   - openSUSE Leap 15.4 (x86_64):
      libpython3_6m1_0-32bit-3.6.15-150300.10.30.1
      libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.30.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-curses-3.6.15-150300.10.30.1
      python3-curses-debuginfo-3.6.15-150300.10.30.1
      python3-dbm-3.6.15-150300.10.30.1
      python3-dbm-debuginfo-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1
      python3-devel-3.6.15-150300.10.30.1
      python3-devel-debuginfo-3.6.15-150300.10.30.1
      python3-doc-3.6.15-150300.10.30.1
      python3-doc-devhelp-3.6.15-150300.10.30.1
      python3-idle-3.6.15-150300.10.30.1
      python3-testsuite-3.6.15-150300.10.30.1
      python3-testsuite-debuginfo-3.6.15-150300.10.30.1
      python3-tk-3.6.15-150300.10.30.1
      python3-tk-debuginfo-3.6.15-150300.10.30.1
      python3-tools-3.6.15-150300.10.30.1

   - openSUSE Leap 15.3 (x86_64):
      libpython3_6m1_0-32bit-3.6.15-150300.10.30.1
      libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-tools-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-tools-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-curses-3.6.15-150300.10.30.1
      python3-curses-debuginfo-3.6.15-150300.10.30.1
      python3-dbm-3.6.15-150300.10.30.1
      python3-dbm-debuginfo-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1
      python3-devel-3.6.15-150300.10.30.1
      python3-devel-debuginfo-3.6.15-150300.10.30.1
      python3-idle-3.6.15-150300.10.30.1
      python3-tk-3.6.15-150300.10.30.1
      python3-tk-debuginfo-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-curses-3.6.15-150300.10.30.1
      python3-curses-debuginfo-3.6.15-150300.10.30.1
      python3-dbm-3.6.15-150300.10.30.1
      python3-dbm-debuginfo-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1
      python3-devel-3.6.15-150300.10.30.1
      python3-devel-debuginfo-3.6.15-150300.10.30.1
      python3-idle-3.6.15-150300.10.30.1
      python3-tk-3.6.15-150300.10.30.1
      python3-tk-debuginfo-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      libpython3_6m1_0-3.6.15-150300.10.30.1
      libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
      python3-3.6.15-150300.10.30.1
      python3-base-3.6.15-150300.10.30.1
      python3-base-debuginfo-3.6.15-150300.10.30.1
      python3-core-debugsource-3.6.15-150300.10.30.1
      python3-debuginfo-3.6.15-150300.10.30.1
      python3-debugsource-3.6.15-150300.10.30.1

References:

   https://www.suse.com/security/cve/CVE-2021-28861.html
   https://bugzilla.suse.com/1202624

From sle-updates at lists.suse.com Thu Oct 6 16:23:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 18:23:17 +0200 (CEST)
Subject: SUSE-SU-2022:3543-1: moderate: Security update for exiv2
Message-ID: <20221006162317.57FF7FD57@maintenance.suse.de>

   SUSE Security Update: Security update for exiv2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3543-1
Rating: moderate
References: #1186192 #1188733
Cross-References: CVE-2021-31291 CVE-2021-32617
CVSS scores:
   CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
   CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for exiv2 fixes the following issues:

   - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733).
   - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3543=1

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3543=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      exiv2-debuginfo-0.23-12.11.1
      exiv2-debugsource-0.23-12.11.1
      libexiv2-devel-0.23-12.11.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      exiv2-debuginfo-0.23-12.11.1
      exiv2-debugsource-0.23-12.11.1
      libexiv2-12-0.23-12.11.1
      libexiv2-12-debuginfo-0.23-12.11.1

References:

   https://www.suse.com/security/cve/CVE-2021-31291.html
   https://www.suse.com/security/cve/CVE-2021-32617.html
   https://bugzilla.suse.com/1186192
   https://bugzilla.suse.com/1188733

From sle-updates at lists.suse.com Thu Oct 6 19:18:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Oct 2022 21:18:46 +0200 (CEST)
Subject: SUSE-SU-2022:3545-1: important: Security update for python-PyJWT
Message-ID: <20221006191846.18209FD57@maintenance.suse.de>

   SUSE Security Update: Security update for python-PyJWT
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3545-1
Rating: important
References: #1199756
Cross-References: CVE-2022-29217
CVSS scores:
   CVE-2022-29217 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
   CVE-2022-29217 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
   SUSE Linux Enterprise High Performance Computing 15
   SUSE Linux Enterprise Module for Public Cloud 15
   SUSE Linux Enterprise Server 15
   SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________

   An update that fixes one vulnerability is now available.
Description:

   This update for python-PyJWT fixes the following issues:

   - CVE-2022-29217: Fixed key confusion through non-blocklisted public key formats (bsc#1199756).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-3545=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15 (noarch):
      python3-PyJWT-1.5.3-150000.3.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-29217.html
   https://bugzilla.suse.com/1199756

From sle-updates at lists.suse.com Fri Oct 7 07:32:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 09:32:12 +0200 (CEST)
Subject: SUSE-CU-2022:2463-1: Security update of bci/nodejs
Message-ID: <20221007073212.C6D12FCF8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2463-1
Container Tags : bci/node:12 , bci/node:12-16.221 , bci/nodejs:12 , bci/nodejs:12-16.221
Container Release : 16.221
Severity : important
Type : security
References : 1202624 CVE-2021-28861
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Fri Oct 7 07:40:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 09:40:18 +0200 (CEST)
Subject: SUSE-CU-2022:2464-1: Security update of bci/python
Message-ID: <20221007074018.23F3DFCF8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2464-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.130
Container Release : 18.130
Severity : important
Type : security
References : 1202624 1203125 CVE-2020-10735 CVE-2021-28861
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3485-1
Released: Sat Oct 1 09:22:16 2022
Summary: Security update for python39
Type: security
Severity: important
References: 1202624,1203125,CVE-2020-10735,CVE-2021-28861

This update for python39 fixes the following issues:

python39 was updated to version 3.9.14:

- CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not limiting amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

The following package changes have been done:

- libpython3_9-1_0-3.9.14-150300.4.16.1 updated
- python39-base-3.9.14-150300.4.16.1 updated
- python39-3.9.14-150300.4.16.1 updated
- container:sles15-image-15.0.0-17.20.46 updated

From sle-updates at lists.suse.com Fri Oct 7 07:42:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 09:42:07 +0200 (CEST)
Subject: SUSE-CU-2022:2465-1: Security update of bci/nodejs
Message-ID: <20221007074207.16BAAFCF8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2465-1
Container Tags        : bci/node:14 , bci/node:14-33.45 , bci/nodejs:14 , bci/nodejs:14-33.45
Container Release     : 33.45
Severity              : important
Type                  : security
References            : 1202624 CVE-2021-28861
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released:    Thu Oct 6 13:48:42 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Fri Oct 7 07:46:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 09:46:12 +0200 (CEST)
Subject: SUSE-CU-2022:2467-1: Security update of bci/python
Message-ID: <20221007074612.AFF1AFCF8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2467-1
Container Tags        : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.42 , bci/python:latest
Container Release     : 5.42
Severity              : important
Type                  : security
References            : 1202624 1203125 1203438 CVE-2020-10735 CVE-2021-28861 CVE-2022-40674
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3473-1
Released:    Fri Sep 30 10:33:55 2022
Summary:     Security update for python310
Type:        security
Severity:    important
References:  1202624,1203125,CVE-2020-10735,CVE-2021-28861

This update for python310 fixes the following issues:

Updated to version 3.10.7:

- CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirect in the http server when an URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct 1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

The following package changes have been done:

- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_10-1_0-3.10.7-150400.4.10.1 updated
- python310-base-3.10.7-150400.4.10.1 updated
- python310-3.10.7-150400.4.10.1 updated
- aaa_base-84.87+git20180409.04c9dae-3.57.1 removed
- bash-4.4-150400.25.22 removed
- bash-sh-4.4-150400.25.22 removed
- ca-certificates-2+git20210309.21162a6-2.1 removed
- coreutils-8.32-150400.7.5 removed
- cpio-2.13-150400.1.98 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- crypto-policies-20210917.c9d86d1-150400.1.7 removed
- curl-7.79.1-150400.5.6.1 removed
- diffutils-3.6-4.3.1 removed
- file-magic-5.32-7.14.1 removed
- filesystem-15.0-11.8.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- glibc-2.31-150300.41.1 removed
- grep-3.1-150000.4.6.1 removed
- info-6.5-4.17 removed
- krb5-1.19.2-150400.1.9 removed
- libacl1-2.2.52-4.3.1 removed
- libattr1-2.4.47-2.19 removed
- libaudit1-3.0.6-150400.2.13 removed
- libblkid1-2.37.2-150400.8.3.1 removed
- libbrotlicommon1-1.0.7-3.3.1 removed
- libbrotlidec1-1.0.7-3.3.1 removed
- libbz2-1-1.0.8-150400.1.122 removed
- libcap-ng0-0.7.9-4.37 removed
- libcap2-2.63-150400.1.7 removed
- libcom_err2-1.46.4-150400.3.3.1 removed
- libcrack2-2.9.7-11.6.1 removed
- libcrypt1-4.4.15-150300.4.4.3 removed
- libcurl4-7.79.1-150400.5.6.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.2-150400.8.3.1 removed
- libffi7-3.2.1.git259-10.8 removed
- libgcc_s1-11.3.0+git1637-150000.1.11.2 removed
- libgcrypt20-1.9.4-150400.4.6 removed
- libgcrypt20-hmac-1.9.4-150400.4.6 removed
- libgmp10-6.1.2-4.9.1 removed
- libgpg-error0-1.42-150400.1.101 removed
- libidn2-0-2.2.0-3.6.1 removed
- libkeyutils1-1.6.3-5.6.1 removed
- libldap-2_4-2-2.4.46-150200.14.11.2 removed
- libldap-data-2.4.46-150200.14.11.2 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- liblzma5-5.2.3-150000.4.7.1 removed
- libmagic1-5.32-7.14.1 removed
- libmount1-2.37.2-150400.8.3.1 removed
- libncurses6-6.1-150000.5.12.1 removed
- libnghttp2-14-1.40.0-6.1 removed
- libnsl2-1.2.0-2.44 removed
- libopenssl1_1-1.1.1l-150400.7.7.1 removed
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed
- libp11-kit0-0.23.22-150400.1.10 removed
- libpcre1-8.45-150000.20.13.1 removed
- libpopt0-1.16-3.22 removed
- libpsl5-0.20.1-150000.3.3.1 removed
- libreadline7-7.0-150400.25.22 removed
- libsasl2-3-2.1.27-150300.4.6.1 removed
- libselinux1-3.1-150400.1.69 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.2-150400.8.3.1 removed
- libsqlite3-0-3.39.3-150000.3.17.1 removed
- libssh-config-0.9.6-150400.1.5 removed
- libssh4-0.9.6-150400.1.5 removed
- libstdc++6-11.3.0+git1637-150000.1.11.2 removed
- libsystemd0-249.12-150400.8.10.1 removed
- libtasn1-4.13-4.5.1 removed
- libtasn1-6-4.13-4.5.1 removed
- libtirpc-netconfig-1.2.6-150300.3.14.1 removed
- libtirpc3-1.2.6-150300.3.14.1 removed
- libudev1-249.12-150400.8.10.1 removed
- libunistring2-0.9.10-1.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.2-150400.8.3.1 removed
- libverto1-0.2.6-3.20 removed
- libxml2-2-2.9.14-150400.5.7.1 removed
- libz1-1.2.11-150000.3.33.1 removed
- libzio1-1.06-2.20 removed
- libzstd1-1.5.0-150400.1.71 removed
- login_defs-4.8.1-150400.8.57 removed
- ncurses-utils-6.1-150000.5.12.1 removed
- openssl-1_1-1.1.1l-150400.7.7.1 removed
- p11-kit-0.23.22-150400.1.10 removed
- p11-kit-tools-0.23.22-150400.1.10 removed
- pam-1.3.0-150000.6.58.3 removed
- patterns-base-fips-20200124-150400.18.4 removed
- perl-base-5.26.1-150300.17.11.1 removed
- permissions-20201225-150400.5.11.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150300.49.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.8.57 removed
- sles-release-15.4-150400.55.1 removed
- system-group-hardware-20170617-150400.22.33 removed
- system-user-root-20190513-3.3.1 removed
- sysuser-shadow-3.1-150400.1.35 removed
- terminfo-base-6.1-150000.5.12.1 removed
- timezone-2022a-150000.75.10.1 removed
- util-linux-2.37.2-150400.8.3.1 removed

From sle-updates at lists.suse.com Fri Oct 7 07:47:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 09:47:50 +0200 (CEST)
Subject: SUSE-CU-2022:2468-1: Security update of bci/python
Message-ID: <20221007074750.B7507FCF8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2468-1
Container Tags        : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.42
Container Release     : 28.42
Severity              : important
Type                  : security
References            : 1202624 CVE-2021-28861
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released:    Thu Oct 6 13:48:42 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Fri Oct 7 13:21:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 15:21:34 +0200 (CEST)
Subject: SUSE-RU-2022:3546-1: important: Recommended update for prometheus-ha_cluster_exporter
Message-ID: <20221007132134.221C3FD57@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3546-1
Rating:             important
References:         PED-2052
Affected Products:
                    SUSE Linux Enterprise Module for SAP Applications 15
                    SUSE Linux Enterprise Module for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This update for prometheus-ha_cluster_exporter fixes the following issues:

   - Release 1.3.0 (jsc#PED-2052)
     - Added:
       - TLS and basic auth support (#200)
       - sysconfig file now available to override systemd unit CLI arguments (#200)
     - Changed
       - **Deprecated**: Some CLI flags were deprecated in favour of new ones according to upstream conventions (#200)
       - Boilerplate now uses the Prometheus Exporter Toolkit (#200)
       - Rename dashboard provider subpackage (#196)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for SAP Applications 15-SP1:

      zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-3546=1

   - SUSE Linux Enterprise Module for SAP Applications 15:

      zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-3546=1

Package List:

   - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

      prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150000.1.21.1

   - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64):

      prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150000.1.21.1

References:

From sle-updates at lists.suse.com Fri Oct 7 16:20:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 18:20:21 +0200 (CEST)
Subject: SUSE-SU-2022:3550-1: important: Security update for xmlgraphics-commons
Message-ID: <20221007162021.7E146FD57@maintenance.suse.de>

   SUSE Security Update: Security update for xmlgraphics-commons
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3550-1
Rating:             important
References:         #1182754
Cross-References:   CVE-2020-11988
CVSS scores:
                    CVE-2020-11988 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
                    CVE-2020-11988 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xmlgraphics-commons fixes the following issues:

   - Update to version 2.6
   - CVE-2020-11988: Fixed a server-side request forgery caused by improper input validation by the XMPParser. (bsc#281607)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3550=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):

      xmlgraphics-commons-2.6-3.3.1

References:

   https://www.suse.com/security/cve/CVE-2020-11988.html
   https://bugzilla.suse.com/1182754

From sle-updates at lists.suse.com Fri Oct 7 16:21:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 18:21:03 +0200 (CEST)
Subject: SUSE-RU-2022:3548-1: moderate: Recommended update for sassc
Message-ID: <20221007162103.624B0FD57@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for sassc
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3548-1
Rating:             moderate
References:         #1201074
Affected Products:
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for sassc fixes the following issues:

   - Update to version 3.6.2 (bsc#1201074):
     * Improve pseudo selector handling
     * Code improvements
     * Fix various functions arguments
     * Fix "call" for $function
     * Check weight argument on invert call
     * Fix bug in scale-color with positive saturation
     * Minor API documentation improvements
     * Fix selector isInvisible logic
     * Fix evaluation of unary expressions in loops
     * Fix attribute selector equality with modifiers

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3548=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3548=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      sassc-3.6.2-150200.3.3.1
      sassc-debuginfo-3.6.2-150200.3.3.1
      sassc-debugsource-3.6.2-150200.3.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      sassc-3.6.2-150200.3.3.1
      sassc-debuginfo-3.6.2-150200.3.3.1
      sassc-debugsource-3.6.2-150200.3.3.1

References:

   https://bugzilla.suse.com/1201074

From sle-updates at lists.suse.com Fri Oct 7 16:22:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Oct 2022 18:22:14 +0200 (CEST)
Subject: SUSE-SU-2022:3549-1: important: Security update for cyrus-sasl
Message-ID: <20221007162214.5AD94FD57@maintenance.suse.de>

   SUSE Security Update: Security update for cyrus-sasl
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3549-1
Rating:             important
References:         #1159635
Cross-References:   CVE-2019-19906
CVSS scores:
                    CVE-2019-19906 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-19906 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for cyrus-sasl fixes the following issues:

   - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3549=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3549=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3549=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3549=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3549=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3549=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3549=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3549=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3549=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3549=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3549=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3549=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3549=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-3549=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Manager Server 4.1 (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Manager Proxy 4.1 (x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-32bit-2.1.26-150000.5.13.1
      libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      cyrus-sasl-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-devel-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-2.1.26-150000.5.13.1
      cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-otp-2.1.26-150000.5.13.1
      cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-plain-2.1.26-150000.5.13.1
      cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1
      cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1
      libsasl2-3-2.1.26-150000.5.13.1
      libsasl2-3-debuginfo-2.1.26-150000.5.13.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):

      cyrus-sasl-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1
      cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1
      cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1
cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cyrus-sasl-2.1.26-150000.5.13.1 
cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 
cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 
cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 
cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 
cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 
cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Enterprise Storage 7 (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 
cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 - SUSE Enterprise Storage 6 (x86_64): cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 
libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 - SUSE CaaS Platform 4.0 (x86_64): cyrus-sasl-2.1.26-150000.5.13.1 cyrus-sasl-32bit-2.1.26-150000.5.13.1 cyrus-sasl-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-crammd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-devel-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-digestmd5-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-gssapi-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-otp-2.1.26-150000.5.13.1 cyrus-sasl-otp-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-2.1.26-150000.5.13.1 cyrus-sasl-plain-32bit-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-plain-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debuginfo-2.1.26-150000.5.13.1 cyrus-sasl-saslauthd-debugsource-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-2.1.26-150000.5.13.1 cyrus-sasl-sqlauxprop-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-2.1.26-150000.5.13.1 libsasl2-3-32bit-2.1.26-150000.5.13.1 libsasl2-3-32bit-debuginfo-2.1.26-150000.5.13.1 libsasl2-3-debuginfo-2.1.26-150000.5.13.1 References: https://www.suse.com/security/cve/CVE-2019-19906.html https://bugzilla.suse.com/1159635 From sle-updates at lists.suse.com Fri Oct 7 19:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Oct 2022 21:18:57 +0200 (CEST) Subject: SUSE-RU-2022:3551-1: moderate: Recommended update for libgcrypt Message-ID: 
<20221007191857.3E157FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for libgcrypt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3551-1 Rating: moderate References: #1182983 #1190700 #1191020 #1202117 SLE-24941 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3551=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3551=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libgcrypt-cavs-1.9.4-150400.6.5.1 libgcrypt-cavs-debuginfo-1.9.4-150400.6.5.1 libgcrypt-debugsource-1.9.4-150400.6.5.1 libgcrypt-devel-1.9.4-150400.6.5.1 libgcrypt-devel-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-1.9.4-150400.6.5.1 libgcrypt20-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-hmac-1.9.4-150400.6.5.1 - openSUSE Leap 15.4 (x86_64): libgcrypt-devel-32bit-1.9.4-150400.6.5.1 libgcrypt-devel-32bit-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-32bit-1.9.4-150400.6.5.1 libgcrypt20-32bit-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-hmac-32bit-1.9.4-150400.6.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libgcrypt-debugsource-1.9.4-150400.6.5.1 libgcrypt-devel-1.9.4-150400.6.5.1 libgcrypt-devel-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-1.9.4-150400.6.5.1 libgcrypt20-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-hmac-1.9.4-150400.6.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgcrypt20-32bit-1.9.4-150400.6.5.1 libgcrypt20-32bit-debuginfo-1.9.4-150400.6.5.1 libgcrypt20-hmac-32bit-1.9.4-150400.6.5.1 References: https://bugzilla.suse.com/1182983 https://bugzilla.suse.com/1190700 https://bugzilla.suse.com/1191020 https://bugzilla.suse.com/1202117 From sle-updates at lists.suse.com Fri Oct 7 22:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 00:20:06 +0200 (CEST) Subject: SUSE-SU-2022:3552-1: Security update for ImageMagick Message-ID: <20221007222006.27EA6FD57@maintenance.suse.de> SUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3552-1 Rating: 
low References: #1203212 Cross-References: CVE-2021-3574 CVSS scores: CVE-2021-3574 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3574 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3552=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3552=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3552=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3552=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 - openSUSE Leap 15.4 (x86_64): libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.39.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.39.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.39.1 ImageMagick-debuginfo-7.0.7.34-150200.10.39.1 ImageMagick-debugsource-7.0.7.34-150200.10.39.1 ImageMagick-devel-7.0.7.34-150200.10.39.1 ImageMagick-extra-7.0.7.34-150200.10.39.1 ImageMagick-extra-debuginfo-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1 libMagick++-devel-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1 
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 perl-PerlMagick-7.0.7.34-150200.10.39.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.39.1 - openSUSE Leap 15.3 (x86_64): ImageMagick-devel-32bit-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.39.1 libMagick++-devel-32bit-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1 - openSUSE Leap 15.3 (noarch): ImageMagick-doc-7.0.7.34-150200.10.39.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-debuginfo-7.0.7.34-150200.10.39.1 ImageMagick-debugsource-7.0.7.34-150200.10.39.1 perl-PerlMagick-7.0.7.34-150200.10.39.1 perl-PerlMagick-debuginfo-7.0.7.34-150200.10.39.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-150200.10.39.1 ImageMagick-config-7-SUSE-7.0.7.34-150200.10.39.1 ImageMagick-config-7-upstream-7.0.7.34-150200.10.39.1 ImageMagick-debuginfo-7.0.7.34-150200.10.39.1 ImageMagick-debugsource-7.0.7.34-150200.10.39.1 ImageMagick-devel-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1 libMagick++-devel-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1 References: https://www.suse.com/security/cve/CVE-2021-3574.html https://bugzilla.suse.com/1203212 From sle-updates at lists.suse.com Sat Oct 8 08:25:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 10:25:02 +0200 (CEST) Subject: 
SUSE-CU-2022:2471-1: Security update of suse/sle15 Message-ID: <20221008082502.3CD58FCF8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2471-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.621 Container Release : 4.22.621 Severity : important Type : security References : 1159635 CVE-2019-19906 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). The following package changes have been done: - libsasl2-3-2.1.26-150000.5.13.1 updated From sle-updates at lists.suse.com Sat Oct 8 08:47:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 10:47:29 +0200 (CEST) Subject: SUSE-CU-2022:2472-1: Security update of suse/sle15 Message-ID: <20221008084729.302F7FD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2472-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.684 Container Release : 6.2.684 Severity : important Type : security References : 1159635 CVE-2019-19906 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). The following package changes have been done: - libsasl2-3-2.1.26-150000.5.13.1 updated From sle-updates at lists.suse.com Sat Oct 8 09:03:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 11:03:50 +0200 (CEST) Subject: SUSE-CU-2022:2473-1: Security update of suse/sle15 Message-ID: <20221008090350.9EA9DFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2473-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.204 Container Release : 9.5.204 Severity : important Type : security References : 1159635 CVE-2019-19906 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3549-1 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1159635,CVE-2019-19906 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). 
The following package changes have been done: - libsasl2-3-2.1.26-150000.5.13.1 updated From sle-updates at lists.suse.com Sat Oct 8 09:49:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 11:49:00 +0200 (CEST) Subject: SUSE-CU-2022:2491-1: Recommended update of bci/bci-minimal Message-ID: <20221008094900.99647FCF8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2491-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.15.2 , bci/bci-minimal:latest Container Release : 15.2 Severity : moderate Type : recommended References : 1182983 1190700 1191020 1202117 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] The following package changes have been done: - libgcrypt20-1.9.4-150400.6.5.1 updated - container:micro-image-15.4.0-15.1 updated From sle-updates at lists.suse.com Sat Oct 8 10:05:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Oct 2022 12:05:30 +0200 (CEST) Subject: SUSE-CU-2022:2502-1: Recommended update of suse/sle15 Message-ID: <20221008100530.0831BFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2502-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.29 , suse/sle15:15.4 , suse/sle15:15.4.27.11.29 Container Release : 27.11.29 Severity : moderate Type : recommended References : 1182983 1190700 1191020 1202117 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] The following package changes have been done: - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated From sle-updates at lists.suse.com Mon Oct 10 16:20:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 18:20:34 +0200 (CEST) Subject: SUSE-FU-2022:3556-1: moderate: Feature update for nvme-stas Message-ID: <20221010162034.CC41BFD57@maintenance.suse.de> SUSE Feature Update: Feature update for nvme-stas ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3556-1 Rating: moderate References: #1200128 SLE-24805 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one feature fix and contains one feature can now be installed. Description: This feature update for nvme-stas fixes the following issues: Update from version 1.0 to version 1.1.6 (bsc#1200128, jsc#SLE-24805): - Added systemd service file (service disabled) - Install everything under `/usr/lib` instead of `/usr/lib64` - conf: Enable sticky-connections by default - doc: Troubleshoot guide for missing mDNS packets - doc: Update README.md - stacd: Add configuration parameter 'sticky-connections' - stacd: Fix D-Bus race condition between stacd and stafd - stacd: Allow disabling nvme-cli auto-connect udev rule - stacd: Audit connections - stacd: Fix I/O controller connection audits - stacd: Fix deferred call to remove_controller() with wrong arguments - stafd, stacd: Add man page to systemd service file.
- staslib: Fix cback function deleting object that called the cback - staslib: Add override support - staslib: Calling wrong cback function on controller removal - staslib: Check that async operation hasn't been cancelled before proceeding - staslib: Fix race conditions during controller object removal - staslib: Fix support for fibre channel - staslib: Make sure controller object gets "purged" when removed - systemd: Add explicit dependency to modprobe at nvme_fabrics.service - udev: Fix I/O controller scan & detect algorithm Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3556=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3556=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nvme-stas-1.1.6-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nvme-stas-1.1.6-150400.3.3.1 References: https://bugzilla.suse.com/1200128 From sle-updates at lists.suse.com Mon Oct 10 16:21:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 18:21:28 +0200 (CEST) Subject: SUSE-RU-2022:3557-1: critical: Recommended update for aws-efs-utils Message-ID: <20221010162128.B5636FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3557-1 Rating: critical References: #1203170 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public 
Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for aws-efs-utils fixes the following issues: - Update to version 1.33.4 (bsc#1203170) * Fix the issue where watchdog sending signal to incorrect processes and add FIPS mode support * Apply additional check on awscredsuri option - from version 1.33.3 * Fix the potential stunnel hanging issue caused by full subprocess PIPE filled by stunnel log * Specify FIPS mode in configuration * Add separate env_path for macOS; Add comments * Update get-pip.py download url in README - from version 1.33.2 * Fix the incorrect path to generate read_ahead_kb config file and Bump the default tls port range from 400 to 1000 - Add patch to use unittest.mock instead of mock in testsuite - Use relative URL in Source field - version update to 1.33.1 * Enable mount process to retry on failed or timed out mount.nfs command * use unittest.mock instead of mock - version update to 1.32.1 * Enable watchdog to check stunnel health periodically and restart hanging stunnel process when necessary. - do not require python-mock for build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3557=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3557=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3557=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3557=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3557=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-3557=1 Package List: - openSUSE Leap 15.4 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 - openSUSE Leap 15.3 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-efs-utils-1.33.4-150100.4.8.1 References: https://bugzilla.suse.com/1203170 From sle-updates at lists.suse.com Mon Oct 10 16:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 18:22:30 +0200 (CEST) Subject: SUSE-SU-2022:3553-1: important: Security update for python Message-ID: <20221010162230.2023EFD57@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3553-1 Rating: important References: #1202624 Cross-References: CVE-2021-28861 CVSS scores: CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: 
SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3553=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3553=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3553=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3553=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3553=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3553=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython2_7-1_0-2.7.18-33.14.1 libpython2_7-1_0-32bit-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.14.1 python-2.7.18-33.14.2 python-32bit-2.7.18-33.14.2 python-base-2.7.18-33.14.1 python-base-32bit-2.7.18-33.14.1 python-base-debuginfo-2.7.18-33.14.1 python-base-debuginfo-32bit-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-curses-2.7.18-33.14.2 python-curses-debuginfo-2.7.18-33.14.2 python-debuginfo-2.7.18-33.14.2 
python-debuginfo-32bit-2.7.18-33.14.2 python-debugsource-2.7.18-33.14.2 python-demo-2.7.18-33.14.2 python-devel-2.7.18-33.14.1 python-gdbm-2.7.18-33.14.2 python-gdbm-debuginfo-2.7.18-33.14.2 python-idle-2.7.18-33.14.2 python-tk-2.7.18-33.14.2 python-tk-debuginfo-2.7.18-33.14.2 python-xml-2.7.18-33.14.1 python-xml-debuginfo-2.7.18-33.14.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): python-doc-2.7.18-33.14.2 python-doc-pdf-2.7.18-33.14.2 - SUSE OpenStack Cloud 9 (noarch): python-doc-2.7.18-33.14.2 python-doc-pdf-2.7.18-33.14.2 - SUSE OpenStack Cloud 9 (x86_64): libpython2_7-1_0-2.7.18-33.14.1 libpython2_7-1_0-32bit-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.14.1 python-2.7.18-33.14.2 python-32bit-2.7.18-33.14.2 python-base-2.7.18-33.14.1 python-base-32bit-2.7.18-33.14.1 python-base-debuginfo-2.7.18-33.14.1 python-base-debuginfo-32bit-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-curses-2.7.18-33.14.2 python-curses-debuginfo-2.7.18-33.14.2 python-debuginfo-2.7.18-33.14.2 python-debuginfo-32bit-2.7.18-33.14.2 python-debugsource-2.7.18-33.14.2 python-demo-2.7.18-33.14.2 python-devel-2.7.18-33.14.1 python-gdbm-2.7.18-33.14.2 python-gdbm-debuginfo-2.7.18-33.14.2 python-idle-2.7.18-33.14.2 python-tk-2.7.18-33.14.2 python-tk-debuginfo-2.7.18-33.14.2 python-xml-2.7.18-33.14.1 python-xml-debuginfo-2.7.18-33.14.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-devel-2.7.18-33.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython2_7-1_0-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-2.7.18-33.14.1 python-2.7.18-33.14.2 python-base-2.7.18-33.14.1 python-base-debuginfo-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-curses-2.7.18-33.14.2 python-curses-debuginfo-2.7.18-33.14.2 python-debuginfo-2.7.18-33.14.2 python-debugsource-2.7.18-33.14.2 python-demo-2.7.18-33.14.2 
python-devel-2.7.18-33.14.1 python-gdbm-2.7.18-33.14.2 python-gdbm-debuginfo-2.7.18-33.14.2 python-idle-2.7.18-33.14.2 python-tk-2.7.18-33.14.2 python-tk-debuginfo-2.7.18-33.14.2 python-xml-2.7.18-33.14.1 python-xml-debuginfo-2.7.18-33.14.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpython2_7-1_0-32bit-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.14.1 python-32bit-2.7.18-33.14.2 python-base-32bit-2.7.18-33.14.1 python-base-debuginfo-32bit-2.7.18-33.14.1 python-debuginfo-32bit-2.7.18-33.14.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-doc-2.7.18-33.14.2 python-doc-pdf-2.7.18-33.14.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-2.7.18-33.14.1 python-2.7.18-33.14.2 python-base-2.7.18-33.14.1 python-base-debuginfo-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-curses-2.7.18-33.14.2 python-curses-debuginfo-2.7.18-33.14.2 python-debuginfo-2.7.18-33.14.2 python-debugsource-2.7.18-33.14.2 python-demo-2.7.18-33.14.2 python-devel-2.7.18-33.14.1 python-gdbm-2.7.18-33.14.2 python-gdbm-debuginfo-2.7.18-33.14.2 python-idle-2.7.18-33.14.2 python-tk-2.7.18-33.14.2 python-tk-debuginfo-2.7.18-33.14.2 python-xml-2.7.18-33.14.1 python-xml-debuginfo-2.7.18-33.14.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.14.1 python-32bit-2.7.18-33.14.2 python-base-32bit-2.7.18-33.14.1 python-base-debuginfo-32bit-2.7.18-33.14.1 python-debuginfo-32bit-2.7.18-33.14.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.18-33.14.2 python-doc-pdf-2.7.18-33.14.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-2.7.18-33.14.1 python-2.7.18-33.14.2 python-base-2.7.18-33.14.1 python-base-debuginfo-2.7.18-33.14.1 python-base-debugsource-2.7.18-33.14.1 python-curses-2.7.18-33.14.2 
python-curses-debuginfo-2.7.18-33.14.2 python-debuginfo-2.7.18-33.14.2 python-debugsource-2.7.18-33.14.2 python-demo-2.7.18-33.14.2 python-devel-2.7.18-33.14.1 python-gdbm-2.7.18-33.14.2 python-gdbm-debuginfo-2.7.18-33.14.2 python-idle-2.7.18-33.14.2 python-tk-2.7.18-33.14.2 python-tk-debuginfo-2.7.18-33.14.2 python-xml-2.7.18-33.14.1 python-xml-debuginfo-2.7.18-33.14.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.14.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.14.1 python-32bit-2.7.18-33.14.2 python-base-32bit-2.7.18-33.14.1 python-base-debuginfo-32bit-2.7.18-33.14.1 python-debuginfo-32bit-2.7.18-33.14.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-doc-2.7.18-33.14.2 python-doc-pdf-2.7.18-33.14.2 References: https://www.suse.com/security/cve/CVE-2021-28861.html https://bugzilla.suse.com/1202624 From sle-updates at lists.suse.com Mon Oct 10 16:23:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 18:23:39 +0200 (CEST) Subject: SUSE-RU-2022:3555-1: important: Recommended update for aaa_base Message-ID: <20221010162339.46FC9FD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3555-1 Rating: important References: #1199492 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise 
Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3555=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3555=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3555=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3555=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3555=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3555=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3555=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3555=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3555=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 
aaa_base-extras-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-wsl-84.87+git20180409.04c9dae-150200.8.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-extras-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-wsl-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-extras-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-extras-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): 
aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): aaa_base-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150200.8.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150200.8.3.1 References: https://bugzilla.suse.com/1199492 From sle-updates at lists.suse.com Mon Oct 10 19:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 21:19:26 +0200 (CEST) Subject: SUSE-RU-2022:3559-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Message-ID: <20221010191926.A00FBFD57@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3559-1 Rating: moderate References: #1195437 #1195438 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues: - Update to version 20220204.00 (bsc#1195437, bsc#1195438) * remove han from owners * Remove extra slash from metadata URL. - from version 20220104.00 * List IPv6 routes - from version 20211228.00 * add add or remove route integration test, utils - from version 20211214.00 * add malformed ssh key unit test - Update to version 20220211.00: * Set NVMe-PD IO timeout to 4294967295. - Update to version 20220205.00 * Fix build for EL9. - from version 20211213.00 * Reauth error - Update to version 20220209.00 * Update licences, remove deprecated centos-8 tests - Update to version 20220204.00 * Add DisableLocalLogging option - from version 20220107.00 * OS assignment example: Copy file from bucket Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-3559=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-1.26.1 google-guest-oslogin-20220205.00-1.26.2 google-guest-oslogin-debuginfo-20220205.00-1.26.2 google-guest-oslogin-debugsource-20220205.00-1.26.2 google-osconfig-agent-20220209.00-1.17.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): google-guest-configs-20220211.00-1.17.2 References: https://bugzilla.suse.com/1195437 https://bugzilla.suse.com/1195438 From sle-updates at lists.suse.com Mon Oct 10 19:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Oct 2022 21:20:06 +0200 (CEST) Subject: SUSE-RU-2022:3558-1: Recommended update for release-notes-sled Message-ID: <20221010192006.B4660FD57@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for release-notes-sled ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3558-1 Rating: low References: #1187664 #933411 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for release-notes-sled fixes the following issues: Update the release notes to version 15.3.20220831 (bsc#933411) - Update outdated links (bsc#1187664) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3558=1 - SUSE Linux Enterprise Desktop 15-SP3: zypper in -t patch SUSE-SLE-Product-SLED-15-SP3-2022-3558=1 Package List: - openSUSE Leap 15.3 (noarch): release-notes-sled-15.3.20220831-150300.3.6.1 - SUSE Linux Enterprise Desktop 15-SP3 (noarch): release-notes-sled-15.3.20220831-150300.3.6.1 References: https://bugzilla.suse.com/1187664 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Oct 11 07:23:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 09:23:51 +0200 (CEST) Subject: SUSE-CU-2022:2505-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221011072351.A0E0DFBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2505-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.9 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.9 Severity : critical Type : security References : 1198523 1201942 1202624 1203438 CVE-2021-28861 CVE-2022-40674 
----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
The following package changes have been done: - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - libdevmapper1_03-1.02.163-150400.178.1 updated - libexpat1-2.4.4-150400.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - python3-base-3.6.15-150300.10.30.1 updated From sle-updates at lists.suse.com Tue Oct 11 07:25:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 09:25:55 +0200 (CEST) Subject: SUSE-CU-2022:2507-1: Security update of suse/389-ds Message-ID: <20221011072555.C7851FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2507-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.4 , suse/389-ds:latest Container Release : 17.4 Severity : important Type : security References : 1202624 1203438 CVE-2021-28861 CVE-2022-40674 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3296-1 Released: Sat Sep 17 10:30:01 2022 Summary: Recommended update for nss_synth Type: recommended Severity: moderate References: This update for nss_synth fixes the following issues: - Support running 389-ds with bare uid/gid (non-root) in containers. (jsc#SLE-22585) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). The following package changes have been done: - libexpat1-2.4.4-150400.3.9.1 updated - nss_synth-0.1.0~git0.7c23049-150400.9.5.1 added - python3-base-3.6.15-150300.10.30.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - container:sles15-image-15.0.0-27.11.29 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.1.98 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - crypto-policies-20210917.c9d86d1-150400.1.7 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - filesystem-15.0-11.8.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - glibc-2.31-150300.37.1 removed - grep-3.1-150000.4.6.1 removed - info-6.5-4.17 removed - krb5-1.19.2-150400.1.9 removed - libacl1-2.2.52-4.3.1 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.2.13 removed - libblkid1-2.37.2-150400.8.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.1.7 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.4.3 removed - libcurl4-7.79.1-150400.5.6.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.4.4+git20220104.962774f-150400.1.38 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.2-150400.8.3.1 removed - libffi7-3.2.1.git259-10.8 removed - 
libgcc_s1-11.3.0+git1637-150000.1.11.2 removed - libgcrypt20-1.9.4-150400.4.6 removed - libgcrypt20-hmac-1.9.4-150400.4.6 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libldap-2_4-2-2.4.46-150200.14.11.2 removed - libldap-data-2.4.46-150200.14.11.2 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.2-150400.8.3.1 removed - libncurses6-6.1-150000.5.12.1 removed - libnghttp2-14-1.40.0-6.1 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150400.7.7.1 removed - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.27-150300.4.6.1 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed - libsmartcols1-2.37.2-150400.8.3.1 removed - libsqlite3-0-3.39.3-150000.3.17.1 removed - libssh-config-0.9.6-150400.1.5 removed - libssh4-0.9.6-150400.1.5 removed - libstdc++6-11.3.0+git1637-150000.1.11.2 removed - libsystemd0-249.12-150400.8.10.1 removed - libtirpc-netconfig-1.2.6-150300.3.14.1 removed - libtirpc3-1.2.6-150300.3.14.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.2-150400.8.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.9.14-150400.5.7.1 removed - libz1-1.2.11-150000.3.33.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.1.71 removed - login_defs-4.8.1-150400.8.57 removed - ncurses-utils-6.1-150000.5.12.1 removed - openssl-1_1-1.1.1l-150400.7.7.1 removed - pam-1.3.0-150000.6.58.3 removed - patterns-base-fips-20200124-150400.18.4 removed - perl-base-5.26.1-150300.17.11.1 removed - permissions-20201225-150400.5.11.1 removed - rpm-config-SUSE-1-150400.14.3.1 
removed - rpm-ndb-4.14.3-150300.49.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.8.57 removed - sles-release-15.4-150400.55.1 removed - system-group-hardware-20170617-150400.22.33 removed - system-user-root-20190513-3.3.1 removed - sysuser-shadow-3.1-150400.1.35 removed - terminfo-base-6.1-150000.5.12.1 removed - timezone-2022a-150000.75.10.1 removed - util-linux-2.37.2-150400.8.3.1 removed From sle-updates at lists.suse.com Tue Oct 11 07:32:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 09:32:43 +0200 (CEST) Subject: SUSE-CU-2022:2512-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221011073243.7D6AEFBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2512-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.293 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.293 Severity : important Type : security References : 1201942 1202624 CVE-2021-28861 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). The following package changes have been done: - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - python3-base-3.6.15-150300.10.30.1 updated From sle-updates at lists.suse.com Tue Oct 11 07:39:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 09:39:22 +0200 (CEST) Subject: SUSE-CU-2022:2515-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221011073922.117D6FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2515-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.114 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.114 Severity : important Type : security References : 1201942 1202624 CVE-2021-28861 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). The following package changes have been done: - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - python3-base-3.6.15-150300.10.30.1 updated From sle-updates at lists.suse.com Tue Oct 11 13:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 15:19:45 +0200 (CEST) Subject: SUSE-SU-2022:3562-1: moderate: Security update for libgsasl Message-ID: <20221011131945.8E75BFBAE@maintenance.suse.de> SUSE Security Update: Security update for libgsasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3562-1 Rating: moderate References: #1201715 Cross-References: CVE-2022-2469 CVSS scores: CVE-2022-2469 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-2469 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgsasl fixes the following issues: - CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3562=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3562=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150200.3.3.1 libgsasl7-1.8.0-150200.3.3.1 libgsasl7-debuginfo-1.8.0-150200.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): libgsasl-lang-1.8.0-150200.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150200.3.3.1 libgsasl7-1.8.0-150200.3.3.1 libgsasl7-debuginfo-1.8.0-150200.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): libgsasl-lang-1.8.0-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2469.html https://bugzilla.suse.com/1201715 From sle-updates at lists.suse.com Tue Oct 11 13:20:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 15:20:37 +0200 (CEST) Subject: SUSE-SU-2022:3563-1: moderate: Security update for libgsasl Message-ID: <20221011132037.803DEFBAE@maintenance.suse.de> SUSE Security Update: Security update for libgsasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3563-1 Rating: moderate References: #1201715 Cross-References: CVE-2022-2469 CVSS scores: 
CVE-2022-2469 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-2469 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgsasl fixes the following issues: - CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3563=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3563=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150400.3.3.1 libgsasl7-1.8.0-150400.3.3.1 libgsasl7-debuginfo-1.8.0-150400.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): libgsasl-lang-1.8.0-150400.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150400.3.3.1 libgsasl7-1.8.0-150400.3.3.1 libgsasl7-debuginfo-1.8.0-150400.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): libgsasl-lang-1.8.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2469.html https://bugzilla.suse.com/1201715 From sle-updates at lists.suse.com Tue Oct 11 13:21:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 15:21:24 +0200 (CEST) Subject: SUSE-SU-2022:3560-1: important: Security update 
for snakeyaml Message-ID: <20221011132124.76564FBAE@maintenance.suse.de> SUSE Security Update: Security update for snakeyaml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3560-1 Rating: important References: #1183360 #1202932 #1203149 #1203153 #1203154 #1203158 Cross-References: CVE-2020-13936 CVE-2022-25857 CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 CVSS scores: CVE-2020-13936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-13936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25857 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25857 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38749 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38750 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-38750 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38751 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38751 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38752 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-38752 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for snakeyaml fixes the following issues: snakeyaml was upgraded to version 1.31: - CVE-2022-25857: Fixed DoS due to missing nested depth limitation for collections (bsc#1202932). - CVE-2022-38749: Fixed DoS due to stack overflow in parser (bsc#1202932). - CVE-2022-38751: Fixed DoS due to parsing of untrusted yaml files (bsc#1203153). - CVE-2022-38752: Fixed DoS due to stack overflow in parser (bsc#1203154).
- CVE-2022-38750: Fixed DoS due to parsing of untrusted yaml files (bsc#1203158). - CVE-2020-13936: Fixed arbitrary code execution when attacker is able to modify templates (bsc#1183360). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3560=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): snakeyaml-1.31-150200.12.6.1 References: https://www.suse.com/security/cve/CVE-2020-13936.html https://www.suse.com/security/cve/CVE-2022-25857.html https://www.suse.com/security/cve/CVE-2022-38749.html https://www.suse.com/security/cve/CVE-2022-38750.html https://www.suse.com/security/cve/CVE-2022-38751.html https://www.suse.com/security/cve/CVE-2022-38752.html https://bugzilla.suse.com/1183360 https://bugzilla.suse.com/1202932 https://bugzilla.suse.com/1203149 https://bugzilla.suse.com/1203153 https://bugzilla.suse.com/1203154 https://bugzilla.suse.com/1203158 From sle-updates at lists.suse.com Tue Oct 11 13:22:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 15:22:33 +0200 (CEST) Subject: SUSE-SU-2022:3561-1: moderate: Security update for libgsasl Message-ID: <20221011132233.798DAFBAE@maintenance.suse.de> SUSE Security Update: Security update for libgsasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3561-1 Rating: moderate References: #1201715 Cross-References: CVE-2022-2469 CVSS scores: CVE-2022-2469 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-2469 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager 
Server 4.2 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libgsasl fixes the following issues: - CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3561=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3561=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150300.3.3.1 libgsasl7-1.8.0-150300.3.3.1 libgsasl7-debuginfo-1.8.0-150300.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): libgsasl-lang-1.8.0-150300.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): libgsasl-debugsource-1.8.0-150300.3.3.1 libgsasl7-1.8.0-150300.3.3.1 libgsasl7-debuginfo-1.8.0-150300.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): libgsasl-lang-1.8.0-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2469.html https://bugzilla.suse.com/1201715 From sle-updates at lists.suse.com Tue Oct 11 19:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:20:15 +0200 (CEST) Subject: SUSE-RU-2022:3567-1: critical: Recommended update for libzypp, zypper Message-ID: <20221011192015.F326BFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3567-1 
Rating: critical References: #1189282 #1201972 #1203649 Affected Products: SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US" - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3567=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3567=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-3567=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3567=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3567=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libzypp-17.31.2-150000.3.104.1 libzypp-debuginfo-17.31.2-150000.3.104.1 libzypp-debugsource-17.31.2-150000.3.104.1 libzypp-devel-17.31.2-150000.3.104.1 zypper-1.14.57-150000.3.78.1 zypper-debuginfo-1.14.57-150000.3.78.1 zypper-debugsource-1.14.57-150000.3.78.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-log-1.14.57-150000.3.78.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libzypp-17.31.2-150000.3.104.1 libzypp-debuginfo-17.31.2-150000.3.104.1 libzypp-debugsource-17.31.2-150000.3.104.1 libzypp-devel-17.31.2-150000.3.104.1 zypper-1.14.57-150000.3.78.1 zypper-debuginfo-1.14.57-150000.3.78.1 zypper-debugsource-1.14.57-150000.3.78.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-log-1.14.57-150000.3.78.1 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150000.3.104.1 zypper-1.14.57-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libzypp-17.31.2-150000.3.104.1 libzypp-debuginfo-17.31.2-150000.3.104.1 libzypp-debugsource-17.31.2-150000.3.104.1 libzypp-devel-17.31.2-150000.3.104.1 zypper-1.14.57-150000.3.78.1 zypper-debuginfo-1.14.57-150000.3.78.1 zypper-debugsource-1.14.57-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-log-1.14.57-150000.3.78.1 - SUSE Linux Enterprise 
High Performance Computing 15-ESPOS (aarch64 x86_64): libzypp-17.31.2-150000.3.104.1 libzypp-debuginfo-17.31.2-150000.3.104.1 libzypp-debugsource-17.31.2-150000.3.104.1 libzypp-devel-17.31.2-150000.3.104.1 zypper-1.14.57-150000.3.78.1 zypper-debuginfo-1.14.57-150000.3.78.1 zypper-debugsource-1.14.57-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-log-1.14.57-150000.3.78.1 References: https://bugzilla.suse.com/1189282 https://bugzilla.suse.com/1201972 https://bugzilla.suse.com/1203649 From sle-updates at lists.suse.com Tue Oct 11 19:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:21:06 +0200 (CEST) Subject: SUSE-RU-2022:3568-1: moderate: Recommended update for subscription-matcher Message-ID: <20221011192106.3B1E3FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for subscription-matcher ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3568-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for subscription-matcher fixes the following issues: - Specify that the supported Guava version is >= 27.0.1 and < 31.0. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3568=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): subscription-matcher-0.28-150200.3.18.1 References: From sle-updates at lists.suse.com Tue Oct 11 19:21:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:21:48 +0200 (CEST) Subject: SUSE-RU-2022:3566-1: critical: Recommended update for libzypp, zypper Message-ID: <20221011192148.0CFE9FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3566-1 Rating: critical References: #1189282 #1201972 #1203649 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. 
Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US" - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3566=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3566=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3566=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-3566=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3566=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3566=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3566=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150100.3.87.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE Linux Enterprise High 
Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 - SUSE Enterprise Storage 6 (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE CaaS Platform 4.0 (noarch): zypper-log-1.14.57-150100.3.64.1 zypper-needs-restarting-1.14.57-150100.3.64.1 - SUSE CaaS Platform 4.0 (x86_64): libzypp-17.31.2-150100.3.87.1 libzypp-debuginfo-17.31.2-150100.3.87.1 libzypp-debugsource-17.31.2-150100.3.87.1 libzypp-devel-17.31.2-150100.3.87.1 zypper-1.14.57-150100.3.64.1 zypper-debuginfo-1.14.57-150100.3.64.1 zypper-debugsource-1.14.57-150100.3.64.1 References: https://bugzilla.suse.com/1189282 https://bugzilla.suse.com/1201972 https://bugzilla.suse.com/1203649 From sle-updates at lists.suse.com Tue Oct 11 19:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:22:46 +0200 (CEST) Subject: SUSE-RU-2022:3564-1: critical: Recommended update for libzypp, zypper Message-ID: <20221011192246.B4355FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3564-1 Rating: critical References: #1189282 #1201972 #1203649 Affected Products: SUSE Linux Enterprise Desktop 
15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US" - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3564=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3564=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3564=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150400.3.9.1 libzypp-debuginfo-17.31.2-150400.3.9.1 libzypp-debugsource-17.31.2-150400.3.9.1 libzypp-devel-17.31.2-150400.3.9.1 libzypp-devel-doc-17.31.2-150400.3.9.1 zypper-1.14.57-150400.3.9.1 zypper-debuginfo-1.14.57-150400.3.9.1 zypper-debugsource-1.14.57-150400.3.9.1 - openSUSE Leap 15.4 (noarch): zypper-aptitude-1.14.57-150400.3.9.1 zypper-log-1.14.57-150400.3.9.1 zypper-needs-restarting-1.14.57-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150400.3.9.1 libzypp-debuginfo-17.31.2-150400.3.9.1 libzypp-debugsource-17.31.2-150400.3.9.1 libzypp-devel-17.31.2-150400.3.9.1 zypper-1.14.57-150400.3.9.1 zypper-debuginfo-1.14.57-150400.3.9.1 zypper-debugsource-1.14.57-150400.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): zypper-log-1.14.57-150400.3.9.1 zypper-needs-restarting-1.14.57-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libzypp-17.31.2-150400.3.9.1 libzypp-debuginfo-17.31.2-150400.3.9.1 libzypp-debugsource-17.31.2-150400.3.9.1 zypper-1.14.57-150400.3.9.1 zypper-debuginfo-1.14.57-150400.3.9.1 zypper-debugsource-1.14.57-150400.3.9.1 - SUSE Linux Enterprise Micro 5.3 (noarch): zypper-needs-restarting-1.14.57-150400.3.9.1 References: https://bugzilla.suse.com/1189282 https://bugzilla.suse.com/1201972 https://bugzilla.suse.com/1203649 From sle-updates at lists.suse.com Tue Oct 11 19:23:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:23:49 +0200 (CEST) Subject: SUSE-RU-2022:3569-1: 
important: Recommended update for SAPHanaSR Message-ID: <20221011192349.2863BFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3569-1 Rating: important References: #1192963 #1198127 #1201945 PED-1253 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for SAPHanaSR fixes the following issues: - SAPHanaSR-monitor not reporting correctly. (bsc#1192963) - Version bump to 0.161.1_BF - add the required 'xmllint' to the package (bsc#1201945) - changes to the demote_clone function of the resource agent: if the role is '1:P' (topology agent run into timeouts) the function fails with rc=1, to get the managed resource stopped changes to the stop_clone function of the topology agent: call landscapeHostConfiguration.py and set the roles as they were reported. If the command timed out, set the role to '1:P' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s.
(bsc#1198127) - add new HA/DR provider hook susChkSrv (jsc#PED-1241, jsc#PED-1240, jsc#PED-1253) - add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA. - update suse icon to new branding Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3569=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3569=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-3569=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-3569=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-3569=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-3569=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-3569=1 Package List: - openSUSE Leap 15.4 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - openSUSE Leap 15.3 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): 
SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): SAPHanaSR-0.161.1_BF-150000.4.25.1 SAPHanaSR-doc-0.161.1_BF-150000.4.25.1 References: https://bugzilla.suse.com/1192963 https://bugzilla.suse.com/1198127 https://bugzilla.suse.com/1201945 From sle-updates at lists.suse.com Tue Oct 11 19:25:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Oct 2022 21:25:18 +0200 (CEST) Subject: SUSE-RU-2022:3565-1: critical: Recommended update for libzypp, zypper Message-ID: <20221011192518.50581FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3565-1 Rating: critical References: #1189282 #1201972 #1203649 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale "C.UTF-8" rather than "en_US" - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3565=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3565=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3565=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3565=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3565=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3565=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3565=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3565=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3565=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3565=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3565=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-3565=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3565=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3565=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3565=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - openSUSE Leap Micro 5.2 (noarch): zypper-needs-restarting-1.14.57-150200.39.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): 
libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 libzypp-devel-doc-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - openSUSE Leap 15.3 (noarch): zypper-aptitude-1.14.57-150200.39.1 zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Manager Proxy 4.1 (x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): 
zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Micro 5.2 (noarch): zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 
zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libzypp-17.31.2-150200.45.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libzypp-17.31.2-150200.45.1 libzypp-debuginfo-17.31.2-150200.45.1 libzypp-debugsource-17.31.2-150200.45.1 libzypp-devel-17.31.2-150200.45.1 zypper-1.14.57-150200.39.1 zypper-debuginfo-1.14.57-150200.39.1 zypper-debugsource-1.14.57-150200.39.1 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.57-150200.39.1 zypper-needs-restarting-1.14.57-150200.39.1 References: https://bugzilla.suse.com/1189282 https://bugzilla.suse.com/1201972 https://bugzilla.suse.com/1203649 From sle-updates at lists.suse.com Tue Oct 11 22:20:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 00:20:58 +0200 (CEST) Subject: SUSE-RU-2022:3570-1: important: Recommended update for prometheus-ha_cluster_exporter Message-ID: 
<20221011222058.DC6FFFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3570-1 Rating: important References: PED-2052 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for prometheus-ha_cluster_exporter fixes the following issues: - Release 1.3.0 (jsc#PED-2052) - Added: - TLS and basic auth support (#200) - sysconfig file now available to override systemd unit CLI arguments (#200) - Changed - **Deprecated**: Some CLI flags were deprecated in favour of new ones according to upstream conventions (#200) - Boilerplate now uses the Prometheus Exporter Toolkit (#200) - Rename dashboard provider subpackage (#196) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3570=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3570=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-3570=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-3570=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-3570=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150200.3.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150200.3.18.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150200.3.18.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150200.3.18.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-150200.3.18.1 References: From sle-updates at lists.suse.com Wed Oct 12 07:33:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 09:33:35 +0200 (CEST) Subject: SUSE-CU-2022:2518-1: Recommended update of bci/bci-init Message-ID: <20221012073335.7AF69FBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2518-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.20.6 Container Release : 20.6 Severity : critical Type : recommended References : 1189282 1199492 1201972 1203649 
----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libzypp-17.31.2-150200.45.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.47 updated From sle-updates at lists.suse.com Wed Oct 12 07:45:22 2022 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 09:45:22 +0200 (CEST) Subject: SUSE-CU-2022:2520-1: Recommended update of bci/nodejs Message-ID: <20221012074522.28925FBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2520-1 Container Tags : bci/node:12 , bci/node:12-17.5 , bci/nodejs:12 , bci/nodejs:12-17.5 Container Release : 17.5 Severity : critical Type : recommended References : 1189282 1199492 1201972 1203649 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libzypp-17.31.2-150200.45.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.47 updated From sle-updates at lists.suse.com Wed Oct 12 07:53:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 09:53:03 +0200 (CEST) Subject: SUSE-CU-2022:2521-1: Recommended update of bci/python Message-ID: <20221012075303.B728DFBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2521-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-19.5 Container Release : 19.5 Severity : critical 
Type : recommended References : 1189282 1199492 1201972 1203649 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libzypp-17.31.2-150200.45.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.47 updated From 
sle-updates at lists.suse.com Wed Oct 12 08:05:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 10:05:28 +0200 (CEST) Subject: SUSE-CU-2022:2522-1: Recommended update of suse/sle15 Message-ID: <20221012080528.C1886FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2522-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.48 , suse/sle15:15.3 , suse/sle15:15.3.17.20.48 Container Release : 17.20.48 Severity : critical Type : recommended References : 1189282 1199492 1201972 1203649 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libzypp-17.31.2-150200.45.1 updated - zypper-1.14.57-150200.39.1 updated From sle-updates at lists.suse.com Wed Oct 12 08:50:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Oct 2022 10:50:42 +0200 (CEST) Subject: SUSE-CU-2022:2546-1: Recommended update of suse/sle15 Message-ID: <20221012085042.30846FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2546-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.31 , suse/sle15:15.4 , suse/sle15:15.4.27.11.31 Container Release : 27.11.31 Severity : critical Type : 
recommended References : 1189282 1199492 1201972 1203649 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libzck1-1.1.16-150400.1.10 added - libzypp-17.31.2-150400.3.9.1 updated - zypper-1.14.57-150400.3.9.1 updated From sle-updates at 
lists.suse.com Thu Oct 13 07:49:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 09:49:39 +0200 (CEST) Subject: SUSE-CU-2022:2548-1: Recommended update of suse/sle15 Message-ID: <20221013074939.4B090FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2548-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.623 Container Release : 4.22.623 Severity : critical Type : recommended References : 1189282 1201972 1203649 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3567-1 Released: Tue Oct 11 16:19:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - 
libzypp-17.31.2-150000.3.104.1 updated - zypper-1.14.57-150000.3.78.1 updated From sle-updates at lists.suse.com Thu Oct 13 08:35:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 10:35:14 +0200 (CEST) Subject: SUSE-CU-2022:2550-1: Recommended update of suse/sle15 Message-ID: <20221013083514.0F195FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2550-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.206 Container Release : 9.5.206 Severity : critical Type : recommended References : 1189282 1201972 1203649 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific 
directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - libzypp-17.31.2-150200.45.1 updated - zypper-1.14.57-150200.39.1 updated From sle-updates at lists.suse.com Thu Oct 13 10:19:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 12:19:56 +0200 (CEST) Subject: SUSE-SU-2022:3571-1: important: Security update for rubygem-puma Message-ID: <20221013101956.E7BFFFBAE@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puma ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3571-1 Rating: important References: #1197818 Cross-References: CVE-2022-24790 CVSS scores: CVE-2022-24790 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-24790 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 
4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-puma fixes the following issues: Updated to version 4.3.12: - CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230 compliant (bsc#1197818). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3571=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3571=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3571=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3571=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3571=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3571=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3571=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1 rubygem-puma-debugsource-4.3.12-150000.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1 
rubygem-puma-debugsource-4.3.12-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 rubygem-puma-debugsource-4.3.12-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 rubygem-puma-debugsource-4.3.12-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-puma-4.3.12-150000.3.9.1 ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-24790.html https://bugzilla.suse.com/1197818 From sle-updates at lists.suse.com Thu Oct 13 13:19:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 15:19:14 +0200 (CEST) Subject: SUSE-RU-2022:3573-1: moderate: Recommended update for pacemaker Message-ID: <20221013131914.A25D9FBA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3573-1 Rating: moderate References: #1129707 #1196340 #1197668 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 
______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target (bsc#1196340) - OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707) - Pacemaker high resolution timestamps (bsc#1197668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3573=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-150100.3.27.1 libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.27.1 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-debugsource-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-remote-2.0.1+20190417.13d370ca9-150100.3.27.1 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-150100.3.27.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-150100.3.27.1 References: https://bugzilla.suse.com/1129707 https://bugzilla.suse.com/1196340 https://bugzilla.suse.com/1197668 From sle-updates at lists.suse.com Thu Oct 13 13:20:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 15:20:03 +0200 (CEST) Subject: SUSE-SU-2022:3576-1: important: Security update for icinga Message-ID: 
<20221013132003.23C8EFBA8@maintenance.suse.de> SUSE Security Update: Security update for icinga ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3576-1 Rating: important References: #1014637 #1156309 Cross-References: CVE-2016-9566 CVE-2019-3698 CVSS scores: CVE-2016-9566 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2016-9566 (SUSE): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2019-3698 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-3698 (SUSE): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for icinga fixes the following issues: - CVE-2016-9566: Fixed root privilege escalation (bsc#1014637). - CVE-2019-3698: Fixed symbolic link vulnerability that can cause DoS or potentially escalate privileges (bsc#1156309). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3576=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): icinga-1.13.3-12.6.1 icinga-debuginfo-1.13.3-12.6.1 icinga-debugsource-1.13.3-12.6.1 icinga-devel-1.13.3-12.6.1 icinga-doc-1.13.3-12.6.1 icinga-idoutils-1.13.3-12.6.1 icinga-idoutils-mysql-1.13.3-12.6.1 icinga-idoutils-oracle-1.13.3-12.6.1 icinga-idoutils-pgsql-1.13.3-12.6.1 icinga-plugins-downtimes-1.13.3-12.6.1 icinga-plugins-eventhandlers-1.13.3-12.6.1 icinga-www-1.13.3-12.6.1 icinga-www-config-1.13.3-12.6.1 monitoring-tools-1.13.3-12.6.1 References: https://www.suse.com/security/cve/CVE-2016-9566.html https://www.suse.com/security/cve/CVE-2019-3698.html https://bugzilla.suse.com/1014637 https://bugzilla.suse.com/1156309 From sle-updates at lists.suse.com Thu Oct 13 13:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 15:20:44 +0200 (CEST) Subject: SUSE-RU-2022:3572-1: moderate: Recommended update for grafana-status-panel and grafana-piechart-panel Message-ID: <20221013132044.C29C4FBA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for grafana-status-panel and grafana-piechart-panel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3572-1 Rating: moderate References: #1198768 #1200501 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update for grafana-status-panel and grafana-piechart-panel fixes the following issues: grafana-status-panel: - Update to version 1.0.11, signed for use with grafana v8.x (bsc#1198768) grafana-piechart-panel: - Update to version 1.6.2, signed for use with Grafana v8.x (bsc#1200501) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3572=1 Package List: - SUSE Enterprise Storage 6 (noarch): grafana-piechart-panel-1.6.2-150100.3.6.1 grafana-status-panel-1.0.11-150100.3.6.1 References: https://bugzilla.suse.com/1198768 https://bugzilla.suse.com/1200501 From sle-updates at lists.suse.com Thu Oct 13 13:21:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 15:21:41 +0200 (CEST) Subject: SUSE-RU-2022:3574-1: Recommended update for clamsap Message-ID: <20221013132141.13632FBA8@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamsap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3574-1 Rating: low References: #1200699 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ 
An update that has one recommended fix can now be installed. Description: This update for clamsap fixes the following issues: - Add reference to bsc#1200699 in the changelog (bsc#1200699). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3574=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3574=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-3574=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-3574=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-3574=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-3574=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-3574=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 
(aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64): clamsap-0.104.3-150000.4.12.1 clamsap-debuginfo-0.104.3-150000.4.12.1 clamsap-debugsource-0.104.3-150000.4.12.1 References: https://bugzilla.suse.com/1200699 From sle-updates at lists.suse.com Thu Oct 13 16:19:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Oct 2022 18:19:12 +0200 (CEST) Subject: SUSE-RU-2022:3577-1: important: Recommended update for SAPHanaSR Message-ID: <20221013161912.87422FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3577-1 Rating: important References: #1192963 #1198127 #1201945 PED-1253 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for SAPHanaSR fixes the following issues: - SAPHanaSR-monitor not reporting correctly. (bsc#1192963) - Version bump to 0.161.1_BF - add the required 'xmllint' to the package (bsc#1201945) - changes to the demote_clone function of the resource agent: if the role is '1:P' (topology agent runs into timeouts) the function fails with rc=1, to get the managed resource stopped changes to the stop_clone function of the topology agent: call landscapeHostConfiguration.py and set the roles as they were reported.
If the command timed out, set the role to '1:P' and return 1 to get the node fenced. The used timeout for the landscapeHostConfiguration.py call can be configured by the cluster action timeout, if needed. It will be 50% of the action timeout or the minimum of 300s. (bsc#1198127) - add new HA/DR provider hook susChkSrv (jsc#PED-1241, jsc#PED-1240, jsc#PED-1253) - add new tool SAPHanaSR-manageProvider to show, add and delete HA/DR provider sections in the global.ini of SAP HANA. - update suse icon to new branding Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-3577=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3577=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-0.161.1_BF-3.23.1 SAPHanaSR-doc-0.161.1_BF-3.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-0.161.1_BF-3.23.1 SAPHanaSR-doc-0.161.1_BF-3.23.1 References: https://bugzilla.suse.com/1192963 https://bugzilla.suse.com/1198127 https://bugzilla.suse.com/1201945 From sle-updates at lists.suse.com Thu Oct 13 22:22:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 00:22:02 +0200 (CEST) Subject: SUSE-RU-2022:3581-1: moderate: Recommended update for rmt-server Message-ID: <20221013222202.9F6BAFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3581-1 Rating: moderate References: #1188578 #1197038 #1197405 #1198721 #1199961 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise 
Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. - Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3581=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3581=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3581=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3581=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rmt-server-2.9-150000.3.58.1 rmt-server-config-2.9-150000.3.58.1 rmt-server-debuginfo-2.9-150000.3.58.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rmt-server-2.9-150000.3.58.1 rmt-server-config-2.9-150000.3.58.1 rmt-server-debuginfo-2.9-150000.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rmt-server-2.9-150000.3.58.1 rmt-server-config-2.9-150000.3.58.1 rmt-server-debuginfo-2.9-150000.3.58.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rmt-server-2.9-150000.3.58.1 rmt-server-config-2.9-150000.3.58.1 rmt-server-debuginfo-2.9-150000.3.58.1 References: 
https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1197038 https://bugzilla.suse.com/1197405 https://bugzilla.suse.com/1198721 https://bugzilla.suse.com/1199961 From sle-updates at lists.suse.com Thu Oct 13 22:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 00:23:20 +0200 (CEST) Subject: SUSE-RU-2022:3580-1: moderate: Recommended update for rmt-server Message-ID: <20221013222320.98F76FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3580-1 Rating: moderate References: #1188578 #1197038 #1197405 #1198721 #1199961 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. 
- Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3580=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3580=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3580=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3580=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3580=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3580=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3580=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3580=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3580=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3580=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - 
SUSE Manager Proxy 4.1 (x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 rmt-server-pubcloud-2.9-150200.3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rmt-server-2.9-150200.3.26.1 rmt-server-config-2.9-150200.3.26.1 rmt-server-debuginfo-2.9-150200.3.26.1 rmt-server-debugsource-2.9-150200.3.26.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1197038 https://bugzilla.suse.com/1197405 https://bugzilla.suse.com/1198721 https://bugzilla.suse.com/1199961 From sle-updates at lists.suse.com Thu Oct 13 22:24:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 00:24:43 
+0200 (CEST) Subject: SUSE-RU-2022:3582-1: moderate: Recommended update for rmt-server Message-ID: <20221013222443.D13A6FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3582-1 Rating: moderate References: #1188578 #1197038 #1197405 #1198721 #1199961 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. - Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3582=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3582=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3582=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-3582=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3582=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3582=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3582=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.9-150100.3.39.1 rmt-server-pubcloud-2.9-150100.3.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 - SUSE CaaS Platform 4.0 (x86_64): rmt-server-2.9-150100.3.39.1 rmt-server-config-2.9-150100.3.39.1 rmt-server-debuginfo-2.9-150100.3.39.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1197038 https://bugzilla.suse.com/1197405 https://bugzilla.suse.com/1198721 https://bugzilla.suse.com/1199961 From sle-updates at lists.suse.com Thu Oct 13 22:25:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 00:25:58 +0200 (CEST) Subject: SUSE-RU-2022:3579-1: moderate: Recommended update for rmt-server Message-ID: <20221013222558.51592FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:3579-1 Rating: moderate References: #1188578 #1197038 #1197405 #1198721 #1199961 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. - Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3579=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3579=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3579=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150300.3.18.1 rmt-server-config-2.9-150300.3.18.1 rmt-server-debuginfo-2.9-150300.3.18.1 rmt-server-debugsource-2.9-150300.3.18.1 rmt-server-pubcloud-2.9-150300.3.18.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150300.3.18.1 rmt-server-config-2.9-150300.3.18.1 rmt-server-debuginfo-2.9-150300.3.18.1 rmt-server-debugsource-2.9-150300.3.18.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.9-150300.3.18.1 rmt-server-debugsource-2.9-150300.3.18.1 rmt-server-pubcloud-2.9-150300.3.18.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1197038 https://bugzilla.suse.com/1197405 https://bugzilla.suse.com/1198721 https://bugzilla.suse.com/1199961 From sle-updates at lists.suse.com Fri Oct 14 10:21:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 12:21:11 +0200 (CEST) Subject: SUSE-SU-2022:3583-1: important: Security update for python-waitress Message-ID: <20221014102111.D6C1DFBAE@maintenance.suse.de> SUSE Security Update: Security update for python-waitress ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3583-1 Rating: important References: #1197255 Cross-References: CVE-2022-24761 CVSS scores: CVE-2022-24761 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-24761 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected 
Products: SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197256) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3583=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3583=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-waitress-1.4.3-3.6.1 - SUSE OpenStack Cloud 9 (noarch): python-waitress-1.4.3-3.6.1 References: https://www.suse.com/security/cve/CVE-2022-24761.html https://bugzilla.suse.com/1197255 From sle-updates at lists.suse.com Fri Oct 14 13:21:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:21:55 +0200 (CEST) Subject: SUSE-SU-2022:3585-1: important: Security update for the Linux Kernel Message-ID: <20221014132155.3CD48FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3585-1 Rating: important References: #1152472 #1152489 #1185032 #1190497 #1194023 #1194869 #1195917 #1196444 #1196869 #1197659 #1198189 #1200622 #1201309 #1201310 #1201987 #1202095 #1202960 #1203039 #1203066 #1203101 #1203197 #1203263 #1203338 #1203360 #1203361 #1203389 #1203410 #1203505 #1203552 #1203664 #1203693 #1203699 #1203701 #1203767 #1203769 #1203794 #1203798 #1203893 #1203902 #1203906 #1203908 #1203933 #1203935 #1203939 #1203969 #1203987 #1203992 PED-387 PED-529 PED-652 
PED-664 PED-682 PED-688 PED-720 PED-729 PED-755 PED-763 SLE-19924 SLE-24814 Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202 CVE-2022-3239 CVE-2022-3303 CVE-2022-39189 CVE-2022-41218 CVE-2022-41848 CVE-2022-41849 CVSS scores: CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 9 vulnerabilities, contains 12 features and has 38 fixes is now available. 
Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated.

The following security bugs were fixed:

- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead a local user to be able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-1263: Fixed a NULL pointer dereference issue in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).

The following non-security bugs were fixed:

- ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767).
- ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
- ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
- ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). 
- ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). 
- ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). 
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). 
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). 
- ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). 
- ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). 
- ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). 
- ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - build mlx in x86_64/azure as modules again (bsc#1203701) There is little gain by having the drivers built into the kernel. Having them as modules allows easy replacement by third party drivers. 
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). 
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). 
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - explicit set MODULE_SIG_HASH in azure config (bsc#1203933) Setting this option became mandatory in Feb 2022. While the lack of this option did not cause issues with automated builds, a manual osc build started to fail due to incorrect macro expansion. 
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). 
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). 
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec_file: drop weak attribute from functions (bsc#1196444). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). 
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). 
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). 
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). 
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). 
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). 
- pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). 
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). 
- serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). 
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). 
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). 
- wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). 
- x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). 
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3585=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3585=1

Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):

      cluster-md-kmp-azure-5.14.21-150400.14.16.1
      cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.16.1
      dlm-kmp-azure-5.14.21-150400.14.16.1
      dlm-kmp-azure-debuginfo-5.14.21-150400.14.16.1
      gfs2-kmp-azure-5.14.21-150400.14.16.1
      gfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
      kernel-azure-5.14.21-150400.14.16.1
      kernel-azure-debuginfo-5.14.21-150400.14.16.1
      kernel-azure-debugsource-5.14.21-150400.14.16.1
      kernel-azure-devel-5.14.21-150400.14.16.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
      kernel-azure-extra-5.14.21-150400.14.16.1
      kernel-azure-extra-debuginfo-5.14.21-150400.14.16.1
      kernel-azure-livepatch-devel-5.14.21-150400.14.16.1
      kernel-azure-optional-5.14.21-150400.14.16.1
      kernel-azure-optional-debuginfo-5.14.21-150400.14.16.1
      kernel-syms-azure-5.14.21-150400.14.16.1
      kselftests-kmp-azure-5.14.21-150400.14.16.1
      kselftests-kmp-azure-debuginfo-5.14.21-150400.14.16.1
      ocfs2-kmp-azure-5.14.21-150400.14.16.1
      ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
      reiserfs-kmp-azure-5.14.21-150400.14.16.1
      reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.16.1

   - openSUSE Leap 15.4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.16.1
      kernel-source-azure-5.14.21-150400.14.16.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):

      kernel-azure-5.14.21-150400.14.16.1
      kernel-azure-debuginfo-5.14.21-150400.14.16.1
      kernel-azure-debugsource-5.14.21-150400.14.16.1
      kernel-azure-devel-5.14.21-150400.14.16.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
      kernel-syms-azure-5.14.21-150400.14.16.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.16.1
      kernel-source-azure-5.14.21-150400.14.16.1

References:
   https://www.suse.com/security/cve/CVE-2022-1263.html
   https://www.suse.com/security/cve/CVE-2022-2586.html
   https://www.suse.com/security/cve/CVE-2022-3202.html
   https://www.suse.com/security/cve/CVE-2022-3239.html
   https://www.suse.com/security/cve/CVE-2022-3303.html
   https://www.suse.com/security/cve/CVE-2022-39189.html
   https://www.suse.com/security/cve/CVE-2022-41218.html
   https://www.suse.com/security/cve/CVE-2022-41848.html
   https://www.suse.com/security/cve/CVE-2022-41849.html
   https://bugzilla.suse.com/1152472
   https://bugzilla.suse.com/1152489
   https://bugzilla.suse.com/1185032
   https://bugzilla.suse.com/1190497
   https://bugzilla.suse.com/1194023
   https://bugzilla.suse.com/1194869
   https://bugzilla.suse.com/1195917
   https://bugzilla.suse.com/1196444
   https://bugzilla.suse.com/1196869
   https://bugzilla.suse.com/1197659
   https://bugzilla.suse.com/1198189
   https://bugzilla.suse.com/1200622
   https://bugzilla.suse.com/1201309
   https://bugzilla.suse.com/1201310
   https://bugzilla.suse.com/1201987
   https://bugzilla.suse.com/1202095
   https://bugzilla.suse.com/1202960
   https://bugzilla.suse.com/1203039
   https://bugzilla.suse.com/1203066
   https://bugzilla.suse.com/1203101
   https://bugzilla.suse.com/1203197
   https://bugzilla.suse.com/1203263
   https://bugzilla.suse.com/1203338
   https://bugzilla.suse.com/1203360
   https://bugzilla.suse.com/1203361
   https://bugzilla.suse.com/1203389
   https://bugzilla.suse.com/1203410
   https://bugzilla.suse.com/1203505
   https://bugzilla.suse.com/1203552
   https://bugzilla.suse.com/1203664
   https://bugzilla.suse.com/1203693
   https://bugzilla.suse.com/1203699
   https://bugzilla.suse.com/1203701
   https://bugzilla.suse.com/1203767
   https://bugzilla.suse.com/1203769
   https://bugzilla.suse.com/1203794
   https://bugzilla.suse.com/1203798
   https://bugzilla.suse.com/1203893
   https://bugzilla.suse.com/1203902
   https://bugzilla.suse.com/1203906
   https://bugzilla.suse.com/1203908
   https://bugzilla.suse.com/1203933
   https://bugzilla.suse.com/1203935
   https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203969 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 From sle-updates at lists.suse.com Fri Oct 14 13:26:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:26:23 +0200 (CEST) Subject: SUSE-SU-2022:3590-1: important: Security update for python-Babel Message-ID: <20221014132623.59D52FBAE@maintenance.suse.de> SUSE Security Update: Security update for python-Babel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3590-1 Rating: important References: #1185768 Cross-References: CVE-2021-42771 CVSS scores: CVE-2021-42771 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42771 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal (bsc#1185768). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3590=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3590=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3590=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3590=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3590=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3590=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3590=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3590=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3590=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3590=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE Enterprise Storage 6 (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 - SUSE CaaS Platform 4.0 (noarch): python2-Babel-2.5.1-150000.3.3.1 python3-Babel-2.5.1-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-42771.html https://bugzilla.suse.com/1185768 From sle-updates at lists.suse.com Fri Oct 14 13:27:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:27:24 +0200 (CEST) Subject: SUSE-RU-2022:3588-1: moderate: Recommended update for rmt-server Message-ID: <20221014132724.D8A0FFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3588-1 Rating: moderate References: #1188578 #1197038 #1197405 
#1198721 #1199961 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. - Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x (bsc#1197038) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3588=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3588=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3588=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150400.3.6.1 rmt-server-config-2.9-150400.3.6.1 rmt-server-debuginfo-2.9-150400.3.6.1 rmt-server-debugsource-2.9-150400.3.6.1 rmt-server-pubcloud-2.9-150400.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-2.9-150400.3.6.1 rmt-server-config-2.9-150400.3.6.1 rmt-server-debuginfo-2.9-150400.3.6.1 rmt-server-debugsource-2.9-150400.3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.9-150400.3.6.1 rmt-server-debugsource-2.9-150400.3.6.1 rmt-server-pubcloud-2.9-150400.3.6.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1197038 https://bugzilla.suse.com/1197405 https://bugzilla.suse.com/1198721 https://bugzilla.suse.com/1199961 From sle-updates at lists.suse.com Fri Oct 14 13:28:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:28:37 +0200 (CEST) Subject: SUSE-RU-2022:3589-1: Recommended update for libva Message-ID: <20221014132837.9E7E4FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for libva ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3589-1 Rating: low References: #1198925 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux 
Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libva fixes the following issue: - libva-x11-2 32bit base libraries are shipped to meet dependencies of the ffmpeg 32bit libraries (bsc#1198925). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3589=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3589=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3589=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3589=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3589=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3589=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 
libva-drm2-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 - SUSE Enterprise Storage 6 (x86_64): libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 - SUSE CaaS Platform 4.0 (x86_64): libva-debugsource-2.3.0-150100.7.4.1 libva-devel-2.3.0-150100.7.4.1 libva-drm2-2.3.0-150100.7.4.1 libva-drm2-32bit-2.3.0-150100.7.4.1 libva-drm2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-drm2-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-2.3.0-150100.7.4.1 
libva-x11-2-32bit-2.3.0-150100.7.4.1 libva-x11-2-32bit-debuginfo-2.3.0-150100.7.4.1 libva-x11-2-debuginfo-2.3.0-150100.7.4.1 libva2-2.3.0-150100.7.4.1 libva2-32bit-2.3.0-150100.7.4.1 libva2-32bit-debuginfo-2.3.0-150100.7.4.1 libva2-debuginfo-2.3.0-150100.7.4.1 References: https://bugzilla.suse.com/1198925 From sle-updates at lists.suse.com Fri Oct 14 13:29:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:29:28 +0200 (CEST) Subject: SUSE-RU-2022:3591-1: moderate: Recommended update for kdump Message-ID: <20221014132928.E80AAFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3591-1 Rating: moderate References: #1186272 #1201051 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Fix unload issue when secure boot enabled (bsc#1186272) - Fix network-related dracut options handling for fadump case (bsc#1201051) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3591=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3591=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3591=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3591=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3591=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kdump-0.9.0-150300.18.15.1 kdump-debuginfo-0.9.0-150300.18.15.1 kdump-debugsource-0.9.0-150300.18.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kdump-0.9.0-150300.18.15.1 kdump-debuginfo-0.9.0-150300.18.15.1 kdump-debugsource-0.9.0-150300.18.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kdump-0.9.0-150300.18.15.1 kdump-debuginfo-0.9.0-150300.18.15.1 kdump-debugsource-0.9.0-150300.18.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kdump-0.9.0-150300.18.15.1 kdump-debuginfo-0.9.0-150300.18.15.1 kdump-debugsource-0.9.0-150300.18.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kdump-0.9.0-150300.18.15.1 kdump-debuginfo-0.9.0-150300.18.15.1 kdump-debugsource-0.9.0-150300.18.15.1 References: https://bugzilla.suse.com/1186272 https://bugzilla.suse.com/1201051 From sle-updates at lists.suse.com Fri Oct 14 13:30:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:30:29 +0200 (CEST) Subject: SUSE-SU-2022:3586-1: important: Security update for the Linux Kernel Message-ID: <20221014133029.39DC6FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3586-1 Rating: important References: #1201309 #1202097 #1202385 #1202677 #1202960 #1203107 #1203552 
Cross-References: CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-39188 CVE-2022-41218 CVSS scores: CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552). 
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3586=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3586=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3586=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3586=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3586=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-3586=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.111.1 kernel-macros-4.12.14-95.111.1 kernel-source-4.12.14-95.111.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.111.1 kernel-default-base-4.12.14-95.111.1 kernel-default-base-debuginfo-4.12.14-95.111.1 kernel-default-debuginfo-4.12.14-95.111.1 kernel-default-debugsource-4.12.14-95.111.1 kernel-default-devel-4.12.14-95.111.1 kernel-default-devel-debuginfo-4.12.14-95.111.1 kernel-syms-4.12.14-95.111.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.111.1 kernel-default-base-4.12.14-95.111.1 kernel-default-base-debuginfo-4.12.14-95.111.1 kernel-default-debuginfo-4.12.14-95.111.1 kernel-default-debugsource-4.12.14-95.111.1 kernel-default-devel-4.12.14-95.111.1 kernel-default-devel-debuginfo-4.12.14-95.111.1 kernel-syms-4.12.14-95.111.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.111.1 kernel-macros-4.12.14-95.111.1 kernel-source-4.12.14-95.111.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.111.1 kernel-default-base-4.12.14-95.111.1 kernel-default-base-debuginfo-4.12.14-95.111.1 
kernel-default-debuginfo-4.12.14-95.111.1 kernel-default-debugsource-4.12.14-95.111.1 kernel-default-devel-4.12.14-95.111.1 kernel-syms-4.12.14-95.111.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.111.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.111.1 kernel-macros-4.12.14-95.111.1 kernel-source-4.12.14-95.111.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.111.1 kernel-default-base-4.12.14-95.111.1 kernel-default-base-debuginfo-4.12.14-95.111.1 kernel-default-debuginfo-4.12.14-95.111.1 kernel-default-debugsource-4.12.14-95.111.1 kernel-default-devel-4.12.14-95.111.1 kernel-syms-4.12.14-95.111.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.111.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.111.1 kernel-macros-4.12.14-95.111.1 kernel-source-4.12.14-95.111.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.111.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.111.1 kernel-default-kgraft-devel-4.12.14-95.111.1 kgraft-patch-4_12_14-95_111-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.111.1 cluster-md-kmp-default-debuginfo-4.12.14-95.111.1 dlm-kmp-default-4.12.14-95.111.1 dlm-kmp-default-debuginfo-4.12.14-95.111.1 gfs2-kmp-default-4.12.14-95.111.1 gfs2-kmp-default-debuginfo-4.12.14-95.111.1 kernel-default-debuginfo-4.12.14-95.111.1 kernel-default-debugsource-4.12.14-95.111.1 ocfs2-kmp-default-4.12.14-95.111.1 ocfs2-kmp-default-debuginfo-4.12.14-95.111.1 References: https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-39188.html 
https://www.suse.com/security/cve/CVE-2022-41218.html https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203552 From sle-updates at lists.suse.com Fri Oct 14 13:32:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:32:01 +0200 (CEST) Subject: SUSE-SU-2022:3587-1: important: Security update for the Linux Kernel Message-ID: <20221014133201.23AD3FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3587-1 Rating: important References: #1124235 #1129770 #1154048 #1190317 #1199564 #1201309 #1202097 #1202385 #1202677 #1202960 #1203098 #1203107 #1203410 #1203424 #1203462 #1203552 #1203769 #1203935 #1203987 Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-3303 CVE-2022-39188 CVE-2022-41218 CVE-2022-41848 CVSS scores: CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) 
: 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 11 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. 
(bnc#1199564) - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). The following non-security bugs were fixed: - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - cifs: alloc_mid function should be marked as static (bsc#1190317). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317). - cifs: check for smb1 in open_cached_dir() (bsc#1190317). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317). - cifs: clean up an inconsistent indenting (bsc#1190317). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317). - cifs: do not use uninitialized data in the owner/group sid (bsc#1190317). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317). - cifs: fix handlecache and multiuser (bsc#1190317). - cifs: fix lock length calculation (bsc#1190317). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317). - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317). - cifs: fix set of group SID via NTSD xattrs (bsc#1190317). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317). - cifs: fix the cifs_reconnect path for DFS (bsc#1190317). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317). - cifs: mark sessions for reconnection in helper function (bsc#1190317). 
- cifs: modefromsids must add an ACE for authenticated users (bsc#1190317). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317). - cifs: move from strlcpy with unused retval to strscpy (bsc#1190317). - cifs: move superblock magic defitions to magic.h (bsc#1190317). - cifs: potential buffer overflow in handling symlinks (bsc#1190317). - cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317). - cifs: release cached dentries only if mount is complete (bsc#1190317). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1190317). - cifs: remove check of list iterator against head past the loop body (bsc#1190317). - cifs: remove minor build warning (bsc#1190317). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317). - cifs: remove remaining build warnings (bsc#1190317). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317). - cifs: remove some camelCase and also some static build warnings (bsc#1190317). - cifs: remove unnecessary (void*) conversions (bsc#1190317). - cifs: remove unused server parameter from calc_smb_size() (bsc#1190317). - cifs: remove useless DeleteMidQEntry() (bsc#1190317). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317). - cifs: return errors during session setup during reconnects (bsc#1190317). - cifs: return the more nuanced writeback error on close() (bsc#1190317). - cifs: sanitize multiple delimiters in prepath (bsc#1190317). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317). - cifs: skip trailing separators of prefix paths (bsc#1190317). - cifs: smbd: fix typo in comment (bsc#1190317). - cifs: Split the smb3_add_credits tracepoint (bsc#1190317). - cifs: use correct lock type in cifs_reconnect() (bsc#1190317). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317). 
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317). - cifs: we do not need a spinlock around the tree access during umount (bsc#1190317). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317). - dm: thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: stop telling users to snail-mail Vojtech (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - scsi: ch: Make it possible to open a ch device multiple times again (git-fixes). - scsi: core: Avoid that a kernel warning appears during system resume (git-fixes). - scsi: core: Avoid that system resume triggers a kernel warning (git-fixes). - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes). 
- scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes). - scsi: mpt3sas: Fix ioctl timeout (git-fixes). - scsi: mpt3sas: Fix sync irqs (git-fixes). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sd_zbc: Fix compilation warning (git-fixes). - scsi: sd: enable compat ioctls for sed-opal (git-fixes). - scsi: sd: Fix Opal support (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - SMB2: small refactor in smb2_check_message() (bsc#1190317). - SMB3: add trace point for SMB2_set_eof (bsc#1190317). - SMB3: check for null tcon (bsc#1190317). - SMB3: check xattr value length earlier (bsc#1190317). 
- SMB3: do not set rc when used and unneeded in query_info_compound (bsc#1190317). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - sysfb: Enable boot time VESA graphic mode selection (bsc#1129770) Backporting notes: * context changes * config update - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support. - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). 
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048) Backporting notes: * context changes - video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048) - video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048) - video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048) - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. - xhci: bail out early if driver can't accress host in resume (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3587=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3587=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3587=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3587=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3587=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.136.1 kernel-default-debugsource-4.12.14-122.136.1 kernel-default-extra-4.12.14-122.136.1 kernel-default-extra-debuginfo-4.12.14-122.136.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.136.1 kernel-obs-build-debugsource-4.12.14-122.136.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.136.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.136.1 kernel-default-base-4.12.14-122.136.1 kernel-default-base-debuginfo-4.12.14-122.136.1 kernel-default-debuginfo-4.12.14-122.136.1 kernel-default-debugsource-4.12.14-122.136.1 kernel-default-devel-4.12.14-122.136.1 kernel-syms-4.12.14-122.136.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.136.1 kernel-macros-4.12.14-122.136.1 kernel-source-4.12.14-122.136.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.136.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.136.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.136.1 kernel-default-debugsource-4.12.14-122.136.1 kernel-default-kgraft-4.12.14-122.136.1 kernel-default-kgraft-devel-4.12.14-122.136.1 kgraft-patch-4_12_14-122_136-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.136.1 cluster-md-kmp-default-debuginfo-4.12.14-122.136.1 dlm-kmp-default-4.12.14-122.136.1 dlm-kmp-default-debuginfo-4.12.14-122.136.1 gfs2-kmp-default-4.12.14-122.136.1 gfs2-kmp-default-debuginfo-4.12.14-122.136.1 kernel-default-debuginfo-4.12.14-122.136.1 kernel-default-debugsource-4.12.14-122.136.1 
ocfs2-kmp-default-4.12.14-122.136.1 ocfs2-kmp-default-debuginfo-4.12.14-122.136.1 References: https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-39188.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1154048 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203462 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203987 From sle-updates at lists.suse.com Fri Oct 14 13:34:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 15:34:19 +0200 (CEST) Subject: SUSE-SU-2022:3584-1: important: Security update for the Linux Kernel Message-ID: <20221014133419.09BFFFD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3584-1 Rating: important References: #1124235 #1129770 #1154048 #1190317 #1199564 #1201309 #1202097 #1202385 #1202677 #1202960 #1203098 #1203107 #1203410 #1203424 #1203462 #1203552 #1203769 #1203933 #1203935 #1203987 Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-2663 CVE-2022-3239 CVE-2022-3303 CVE-2022-39188 CVE-2022-41218 CVE-2022-41848 
CVSS scores: CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552). 
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bnc#1202097). - CVE-2022-39188: Fixed a race condition where a device driver can free a page while it still has stale TLB entries. (bnc#1203107). The following non-security bugs were fixed: - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - cifs: alloc_mid function should be marked as static (bsc#1190317). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317). - cifs: check for smb1 in open_cached_dir() (bsc#1190317). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317). - cifs: clean up an inconsistent indenting (bsc#1190317). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317). - cifs: do not use uninitialized data in the owner/group sid (bsc#1190317). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317). - cifs: fix handlecache and multiuser (bsc#1190317). - cifs: fix lock length calculation (bsc#1190317). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317). 
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317). - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317). - cifs: fix set of group SID via NTSD xattrs (bsc#1190317). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317). - cifs: fix the cifs_reconnect path for DFS (bsc#1190317). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317). - cifs: mark sessions for reconnection in helper function (bsc#1190317). - cifs: modefromsids must add an ACE for authenticated users (bsc#1190317). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317). - cifs: move from strlcpy with unused retval to strscpy (bsc#1190317). - cifs: move superblock magic defitions to magic.h (bsc#1190317). - cifs: potential buffer overflow in handling symlinks (bsc#1190317). - cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317). - cifs: release cached dentries only if mount is complete (bsc#1190317). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1190317). - cifs: remove check of list iterator against head past the loop body (bsc#1190317). - cifs: remove minor build warning (bsc#1190317). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317). - cifs: remove remaining build warnings (bsc#1190317). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317). - cifs: remove some camelCase and also some static build warnings (bsc#1190317). - cifs: remove unnecessary (void*) conversions (bsc#1190317). - cifs: remove unused server parameter from calc_smb_size() (bsc#1190317). - cifs: remove useless DeleteMidQEntry() (bsc#1190317). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317). - cifs: return errors during session setup during reconnects (bsc#1190317). 
- cifs: return the more nuanced writeback error on close() (bsc#1190317). - cifs: sanitize multiple delimiters in prepath (bsc#1190317). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317). - cifs: skip trailing separators of prefix paths (bsc#1190317). - cifs: smbd: fix typo in comment (bsc#1190317). - cifs: Split the smb3_add_credits tracepoint (bsc#1190317). - cifs: use correct lock type in cifs_reconnect() (bsc#1190317). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317). - cifs: we do not need a spinlock around the tree access during umount (bsc#1190317). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317). - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048) - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: stop telling users to snail-mail Vojtech (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544). 
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - scsi: ch: Make it possible to open a ch device multiple times again (git-fixes). - scsi: core: Avoid that a kernel warning appears during system resume (git-fixes). - scsi: core: Avoid that system resume triggers a kernel warning (git-fixes). - scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes). - scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes). - scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes). - scsi: mpt3sas: Fix ioctl timeout (git-fixes). - scsi: mpt3sas: Fix sync irqs (git-fixes). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). 
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sd_zbc: Fix compilation warning (git-fixes). - scsi: sd: enable compat ioctls for sed-opal (git-fixes). - scsi: sd: Fix Opal support (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1190317). - smb3: add trace point for SMB2_set_eof (bsc#1190317). - smb3: check for null tcon (bsc#1190317). - smb3: check xattr value length earlier (bsc#1190317). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1190317). - smb3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - sysfb: Enable boot time VESA graphic mode selection (bsc#1129770) Backporting notes: * context changes * config update - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support. - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - USB: Storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). 
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048) Backporting notes: * context changes - video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048) - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048) - video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048) - video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048) - video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048) - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. - xhci: bail out early if driver can't accress host in resume (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3584=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.112.1 kernel-azure-base-4.12.14-16.112.1 kernel-azure-base-debuginfo-4.12.14-16.112.1 kernel-azure-debuginfo-4.12.14-16.112.1 kernel-azure-debugsource-4.12.14-16.112.1 kernel-azure-devel-4.12.14-16.112.1 kernel-syms-azure-4.12.14-16.112.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.112.1 kernel-source-azure-4.12.14-16.112.1 References: https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-39188.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1154048 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203462 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203933 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203987 From sle-updates at lists.suse.com Fri Oct 14 16:19:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Oct 2022 18:19:33 +0200 (CEST) Subject: SUSE-SU-2022:3593-1: important: Security update for python3 Message-ID: 
<20221014161933.43ABEFBAE@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3593-1 Rating: important References: #1202624 Cross-References: CVE-2021-28861 CVSS scores: CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3593=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3593=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3593=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3593=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3593=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3593=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3593=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3593=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3593=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3593=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3593=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3593=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3593=1 - SUSE Linux Enterprise High Performance 
Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3593=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3593=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3593=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE 
Manager Proxy 4.1 (x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 
python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): 
libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 
python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 
python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - 
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 
python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 
python3-tools-3.6.15-150000.3.109.1
- SUSE CaaS Platform 4.0 (x86_64): libpython3_6m1_0-3.6.15-150000.3.109.1 libpython3_6m1_0-debuginfo-3.6.15-150000.3.109.1 python3-3.6.15-150000.3.109.1 python3-base-3.6.15-150000.3.109.1 python3-base-debuginfo-3.6.15-150000.3.109.1 python3-core-debugsource-3.6.15-150000.3.109.1 python3-curses-3.6.15-150000.3.109.1 python3-curses-debuginfo-3.6.15-150000.3.109.1 python3-dbm-3.6.15-150000.3.109.1 python3-dbm-debuginfo-3.6.15-150000.3.109.1 python3-debuginfo-3.6.15-150000.3.109.1 python3-debugsource-3.6.15-150000.3.109.1 python3-devel-3.6.15-150000.3.109.1 python3-devel-debuginfo-3.6.15-150000.3.109.1 python3-idle-3.6.15-150000.3.109.1 python3-testsuite-3.6.15-150000.3.109.1 python3-tk-3.6.15-150000.3.109.1 python3-tk-debuginfo-3.6.15-150000.3.109.1 python3-tools-3.6.15-150000.3.109.1

References:
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624

From sle-updates at lists.suse.com Fri Oct 14 16:20:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Oct 2022 18:20:41 +0200 (CEST)
Subject: SUSE-RU-2022:3592-1: important: Recommended update for prometheus-ha_cluster_exporter
Message-ID: <20221014162041.B730DFBAE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for prometheus-ha_cluster_exporter
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:3592-1
Rating: important
References: PED-2052
Affected Products:
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server for SAP 12-SP5
______________________________________________________________________________
An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for prometheus-ha_cluster_exporter fixes the following issues:

- Release 1.3.0 (jsc#PED-2052)
  - Added:
    - TLS and basic auth support (#200)
    - sysconfig file now available to override systemd unit CLI arguments (#200)
  - Changed
    - **Deprecated**: Some CLI flags were deprecated in favour of new ones according to upstream conventions (#200)
    - Boilerplate now uses the Prometheus Exporter Toolkit (#200)
    - Rename dashboard provider subpackage (#196)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-3592=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3592=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-4.23.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): prometheus-ha_cluster_exporter-1.3.0+git.1653405719.2a65dfc-4.23.1

References:

From sle-updates at lists.suse.com Mon Oct 17 10:20:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2022 12:20:21 +0200 (CEST)
Subject: SUSE-SU-2022:3594-1: important: Security update for qemu
Message-ID: <20221017102021.3190BFBAE@maintenance.suse.de>

SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3594-1
Rating: important
References: #1175144 #1182282 #1192115 #1198035 #1198037 #1198038
Cross-References: CVE-2021-3409 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414
CVSS scores:
    CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
    CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
    CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
    CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
    CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
    CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
    CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata is now available.

Description:

This update for qemu fixes the following issues:

- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3594=1
- openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3594=1
- SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1
- SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1
- SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1
- SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1
- SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3594=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (s390x x86_64): qemu-kvm-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (ppc64le): qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Server 4.1 (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (s390x): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Proxy 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Proxy 4.1 (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 
qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le): qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x x86_64): qemu-kvm-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le): 
qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 
qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 
qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 
      qemu-tools-debuginfo-4.2.1-150200.69.1
      qemu-ui-spice-app-4.2.1-150200.69.1
      qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1

   - SUSE Enterprise Storage 7 (aarch64):
      qemu-arm-4.2.1-150200.69.1
      qemu-arm-debuginfo-4.2.1-150200.69.1

   - SUSE Enterprise Storage 7 (x86_64):
      qemu-audio-alsa-4.2.1-150200.69.1
      qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
      qemu-audio-pa-4.2.1-150200.69.1
      qemu-audio-pa-debuginfo-4.2.1-150200.69.1
      qemu-kvm-4.2.1-150200.69.1
      qemu-ui-curses-4.2.1-150200.69.1
      qemu-ui-curses-debuginfo-4.2.1-150200.69.1
      qemu-ui-gtk-4.2.1-150200.69.1
      qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
      qemu-x86-4.2.1-150200.69.1
      qemu-x86-debuginfo-4.2.1-150200.69.1

   - SUSE Enterprise Storage 7 (noarch):
      qemu-ipxe-1.0.0+-150200.69.1
      qemu-microvm-4.2.1-150200.69.1
      qemu-seabios-1.12.1+-150200.69.1
      qemu-sgabios-8-150200.69.1
      qemu-vgabios-1.12.1+-150200.69.1

References:

   https://www.suse.com/security/cve/CVE-2021-3409.html
   https://www.suse.com/security/cve/CVE-2021-4206.html
   https://www.suse.com/security/cve/CVE-2021-4207.html
   https://www.suse.com/security/cve/CVE-2022-0216.html
   https://www.suse.com/security/cve/CVE-2022-35414.html
   https://bugzilla.suse.com/1175144
   https://bugzilla.suse.com/1182282
   https://bugzilla.suse.com/1192115
   https://bugzilla.suse.com/1198035
   https://bugzilla.suse.com/1198037
   https://bugzilla.suse.com/1198038

From sle-updates at lists.suse.com Mon Oct 17 13:22:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2022 15:22:33 +0200 (CEST)
Subject: SUSE-RU-2022:3595-1: moderate: Recommended update for certmonger
Message-ID: <20221017132233.9EE6FFD2F@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for certmonger
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3595-1
Rating:             moderate
References:         #1197745
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for certmonger fixes the following issues:

   - Use "pkgconfig(systemd)" for the BR to allow hacksaw systemd-mini package
     to satisfy dependencies in the openSUSE Build Service.
   - Add buildrequires on systemd which is required for correct installation
     of the .service file.
   - Update to 0.79.13 (bsc#1197745)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3595=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3595=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      certmonger-0.79.13-150400.3.3.1
      certmonger-debuginfo-0.79.13-150400.3.3.1
      certmonger-debugsource-0.79.13-150400.3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      certmonger-0.79.13-150400.3.3.1
      certmonger-debuginfo-0.79.13-150400.3.3.1
      certmonger-debugsource-0.79.13-150400.3.3.1

References:

   https://bugzilla.suse.com/1197745

From sle-updates at lists.suse.com Mon Oct 17 16:23:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2022 18:23:52 +0200 (CEST)
Subject: SUSE-SU-2022:3512-2: important: Security update for python
Message-ID: <20221017162352.10F5DFD2F@maintenance.suse.de>

   SUSE Security Update: Security update for python
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3512-2
Rating:             important
References:         #1202624
Cross-References:   CVE-2021-28861
CVSS scores:
                    CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
                    CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python fixes the following issues:

   - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server
     when an URI path starts with // (bsc#1202624).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3512=1

   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3512=1

   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3512=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3512=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3512=1

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3512=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3512=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3512=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3512=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3512=1

   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3512=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3512=1

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-3512=1

   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-3512=1

   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - SUSE Manager Proxy 4.1 (x86_64):
      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 
python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 
python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 
python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 
python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 python-base-debuginfo-2.7.18-150000.44.1 python-base-debugsource-2.7.18-150000.44.1 python-curses-2.7.18-150000.44.1 python-curses-debuginfo-2.7.18-150000.44.1 python-debuginfo-2.7.18-150000.44.1 python-debugsource-2.7.18-150000.44.1 python-devel-2.7.18-150000.44.1 python-gdbm-2.7.18-150000.44.1 python-gdbm-debuginfo-2.7.18-150000.44.1 python-tk-2.7.18-150000.44.1 python-tk-debuginfo-2.7.18-150000.44.1 python-xml-2.7.18-150000.44.1 python-xml-debuginfo-2.7.18-150000.44.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpython2_7-1_0-2.7.18-150000.44.1 libpython2_7-1_0-debuginfo-2.7.18-150000.44.1 python-2.7.18-150000.44.1 python-base-2.7.18-150000.44.1 
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

   - SUSE CaaS Platform 4.0 (x86_64):
      libpython2_7-1_0-2.7.18-150000.44.1
      libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
      python-2.7.18-150000.44.1
      python-base-2.7.18-150000.44.1
      python-base-debuginfo-2.7.18-150000.44.1
      python-base-debugsource-2.7.18-150000.44.1
      python-curses-2.7.18-150000.44.1
      python-curses-debuginfo-2.7.18-150000.44.1
      python-debuginfo-2.7.18-150000.44.1
      python-debugsource-2.7.18-150000.44.1
      python-devel-2.7.18-150000.44.1
      python-gdbm-2.7.18-150000.44.1
      python-gdbm-debuginfo-2.7.18-150000.44.1
      python-tk-2.7.18-150000.44.1
      python-tk-debuginfo-2.7.18-150000.44.1
      python-xml-2.7.18-150000.44.1
      python-xml-debuginfo-2.7.18-150000.44.1

References:

   https://www.suse.com/security/cve/CVE-2021-28861.html
   https://bugzilla.suse.com/1202624

From sle-updates at lists.suse.com Mon Oct 17 16:25:45 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2022 18:25:45 +0200 (CEST)
Subject: SUSE-SU-2022:3597-1: important: Security update for expat
Message-ID: <20221017162545.3D4BAFD2F@maintenance.suse.de>

   SUSE Security Update: Security update for expat
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3597-1
Rating:             important
References:         #1203438
Cross-References:   CVE-2022-40674
CVSS scores:
                    CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for expat fixes the following issues:

   - CVE-2022-40674: Fixed use-after-free in the doContent function in
     xmlparse.c (bsc#1203438).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3597=1

   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3597=1

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3597=1

   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3597=1

   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3597=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3597=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3597=1

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3597=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3597=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3597=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3597=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3597=1

   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3597=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3597=1

   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3597=1

   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-3597=1

   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-3597=1

   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - openSUSE Leap 15.3 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat-devel-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Manager Server 4.1 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      expat-2.2.5-150000.3.22.1
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Manager Proxy 4.1 (x86_64):
      expat-2.2.5-150000.3.22.1
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      expat-2.2.5-150000.3.22.1
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      expat-2.2.5-150000.3.22.1
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Enterprise Storage 7 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      expat-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

   - SUSE Enterprise Storage 6 (x86_64):
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1

   - SUSE CaaS Platform 4.0 (x86_64):
      expat-2.2.5-150000.3.22.1
      expat-32bit-debuginfo-2.2.5-150000.3.22.1
      expat-debuginfo-2.2.5-150000.3.22.1
      expat-debugsource-2.2.5-150000.3.22.1
      libexpat-devel-2.2.5-150000.3.22.1
      libexpat1-2.2.5-150000.3.22.1
      libexpat1-32bit-2.2.5-150000.3.22.1
      libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
      libexpat1-debuginfo-2.2.5-150000.3.22.1

References:

   https://www.suse.com/security/cve/CVE-2022-40674.html
   https://bugzilla.suse.com/1203438

From sle-updates at lists.suse.com Mon Oct 17 16:27:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Oct 2022 18:27:39 +0200 (CEST)
Subject: SUSE-SU-2022:3596-1: important: Security update for squid
Message-ID: <20221017162739.147DEFD2F@maintenance.suse.de>

   SUSE Security Update: Security update for squid
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3596-1
Rating:             important
References:         #1203677 #1203680
Cross-References:   CVE-2022-41317 CVE-2022-41318
CVSS scores:
                    CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager
Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3596=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3596=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3596=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3596=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3596=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3596=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3596=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3596=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3596=1 - SUSE Linux 
Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3596=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3596=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Proxy 4.1 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 
squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE CaaS Platform 4.0 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 References: https://www.suse.com/security/cve/CVE-2022-41317.html https://www.suse.com/security/cve/CVE-2022-41318.html https://bugzilla.suse.com/1203677 https://bugzilla.suse.com/1203680 From sle-updates at lists.suse.com Mon Oct 17 16:29:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 18:29:24 +0200 (CEST) Subject: SUSE-SU-2022:0134-3: important: Security update for python-numpy Message-ID: 
<20221017162924.75A54FD2F@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0134-3 Rating: important References: #1193907 #1193913 Cross-References: CVE-2021-33430 CVE-2021-41496 CVSS scores: CVE-2021-33430 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-134=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-134=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-134=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-134=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-134=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-134=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-134=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-134=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-134=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-134=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-134=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-134=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-134=1 
- SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-134=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-134=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-134=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Manager Proxy 4.1 (x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): 
python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-numpy-debugsource-1.17.3-10.1 python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-numpy-debugsource-1.17.3-10.1 python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 
python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 - SUSE CaaS Platform 4.0 (x86_64): python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 References: https://www.suse.com/security/cve/CVE-2021-33430.html https://www.suse.com/security/cve/CVE-2021-41496.html https://bugzilla.suse.com/1193907 https://bugzilla.suse.com/1193913 From sle-updates at lists.suse.com Mon Oct 17 16:30:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 18:30:45 +0200 (CEST) Subject: SUSE-SU-2022:3601-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Message-ID: <20221017163045.E8DF2FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3601-1 Rating: important References: #1203067 #1203994 #1204290 #1204291 #1204292 
Cross-References: CVE-2022-39189 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). - CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). - CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3601=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1 kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-3-150400.2.1 kernel-livepatch-SLE15-SP4_Update_3-debugsource-3-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 From sle-updates at lists.suse.com Mon Oct 17 16:32:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 18:32:44 +0200 (CEST) Subject: SUSE-SU-2022:3598-1: important: Security update for exiv2 Message-ID: <20221017163244.98D35FD2F@maintenance.suse.de> SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3598-1 Rating: important References: #1076579 #1086798 #1086810 #1092096 #1114690 #1185447 #1186192 #1188733 #1188756 #1189330 #1189331 #1189332 #1189333 #1189636 #1189780 Cross-References: CVE-2018-10772 CVE-2018-18915 CVE-2018-5772 CVE-2018-8976 CVE-2018-8977 CVE-2020-18898 CVE-2020-18899 CVE-2021-29470 CVE-2021-31291 CVE-2021-31292 CVE-2021-32617 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVSS scores: CVE-2018-10772 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-10772 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18915 (NVD) : 6.5 
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18915 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-5772 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5772 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-8976 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8976 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-8977 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8977 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-18898 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18898 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18899 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18899 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31292 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-31292 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37618 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37619 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37619 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37621 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37621 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise 
Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). 
- CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330).
- CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192).
- CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756).
- CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp that may lead to a denial of service (bsc#1188733).
- CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
- CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636).
- CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780).
- CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798).
- CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810).
- CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure (bsc#1076579).
- CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690).
- CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096).

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3598=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3598=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3598=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3598=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3598=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3598=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3598=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3598=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3598=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3598=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3598=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3598=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3598=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.16.1 exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 libexiv2-doc-0.26-150000.6.16.1 - openSUSE Leap 15.4 (x86_64): libexiv2-26-32bit-0.26-150000.6.16.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1 - openSUSE Leap 15.4 (noarch): exiv2-lang-0.26-150000.6.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.16.1 exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 libexiv2-doc-0.26-150000.6.16.1 - openSUSE Leap 15.3 (noarch): exiv2-lang-0.26-150000.6.16.1 - openSUSE Leap 15.3 (x86_64): libexiv2-26-32bit-0.26-150000.6.16.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): 
exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Manager Proxy 4.1 (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 
libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 
x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE CaaS Platform 4.0 (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 References: https://www.suse.com/security/cve/CVE-2018-10772.html https://www.suse.com/security/cve/CVE-2018-18915.html https://www.suse.com/security/cve/CVE-2018-5772.html https://www.suse.com/security/cve/CVE-2018-8976.html https://www.suse.com/security/cve/CVE-2018-8977.html https://www.suse.com/security/cve/CVE-2020-18898.html https://www.suse.com/security/cve/CVE-2020-18899.html https://www.suse.com/security/cve/CVE-2021-29470.html https://www.suse.com/security/cve/CVE-2021-31291.html https://www.suse.com/security/cve/CVE-2021-31292.html https://www.suse.com/security/cve/CVE-2021-32617.html https://www.suse.com/security/cve/CVE-2021-37618.html https://www.suse.com/security/cve/CVE-2021-37619.html https://www.suse.com/security/cve/CVE-2021-37620.html https://www.suse.com/security/cve/CVE-2021-37621.html https://bugzilla.suse.com/1076579 https://bugzilla.suse.com/1086798 
https://bugzilla.suse.com/1086810 https://bugzilla.suse.com/1092096 https://bugzilla.suse.com/1114690 https://bugzilla.suse.com/1185447 https://bugzilla.suse.com/1186192 https://bugzilla.suse.com/1188733 https://bugzilla.suse.com/1188756 https://bugzilla.suse.com/1189330 https://bugzilla.suse.com/1189331 https://bugzilla.suse.com/1189332 https://bugzilla.suse.com/1189333 https://bugzilla.suse.com/1189636 https://bugzilla.suse.com/1189780 From sle-updates at lists.suse.com Mon Oct 17 16:36:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 18:36:05 +0200 (CEST) Subject: SUSE-SU-2022:3599-1: important: Security update for the Linux Kernel Message-ID: <20221017163605.72AE8FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3599-1 Rating: important References: #1202677 #1202960 #1203552 #1203769 Cross-References: CVE-2022-2503 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVSS scores: CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated. 
The following security bugs were fixed:

- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead a local user to be able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).

The following non-security bugs were fixed:

- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3599=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.177.1 kernel-default-base-4.4.180-94.177.1 kernel-default-base-debuginfo-4.4.180-94.177.1 kernel-default-debuginfo-4.4.180-94.177.1 kernel-default-debugsource-4.4.180-94.177.1 kernel-default-devel-4.4.180-94.177.1 kernel-syms-4.4.180-94.177.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.177.1 kernel-macros-4.4.180-94.177.1 kernel-source-4.4.180-94.177.1 References: https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-41218.html https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 From sle-updates at lists.suse.com Mon Oct 17 16:35:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 18:35:22 +0200 (CEST) Subject: SUSE-RU-2022:3600-1: moderate: Recommended update for python-urlgrabber Message-ID: <20221017163522.CDF8AFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-urlgrabber ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3600-1 Rating: moderate References: #1201788 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for python-urlgrabber fixes the following issues: - Avoid crashing when setting URLGRABBER_DEBUG=1 environment variable - Incorporate latest changes for the fix of wrong logic on find_proxy method causing proxy not being used (bsc#1201788) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3600=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3600=1 Package List: - openSUSE Leap 15.4 (noarch): python3-urlgrabber-4.1.0-150400.4.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch): python3-urlgrabber-4.1.0-150400.4.6.1 References: https://bugzilla.suse.com/1201788 From sle-updates at lists.suse.com Mon Oct 17 19:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 21:20:43 +0200 (CEST) Subject: SUSE-SU-2022:3602-1: important: Security update for libreoffice Message-ID: <20221017192043.75C8FFBAE@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3602-1 Rating: important References: #1201868 #1201872 #1203209 SLE-23448 Cross-References: CVE-2022-26305 CVE-2022-26307 CVE-2022-3140 CVSS scores: CVE-2022-26305 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26305 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26307 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-3140 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 
for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. Description: This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23448): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3602=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3602=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-7.3.6.2-48.28.1 libreoffice-icon-themes-7.3.6.2-48.28.1 libreoffice-l10n-af-7.3.6.2-48.28.1 libreoffice-l10n-ar-7.3.6.2-48.28.1 libreoffice-l10n-bg-7.3.6.2-48.28.1 libreoffice-l10n-ca-7.3.6.2-48.28.1 libreoffice-l10n-cs-7.3.6.2-48.28.1 libreoffice-l10n-da-7.3.6.2-48.28.1 libreoffice-l10n-de-7.3.6.2-48.28.1 libreoffice-l10n-en-7.3.6.2-48.28.1 libreoffice-l10n-es-7.3.6.2-48.28.1 libreoffice-l10n-fi-7.3.6.2-48.28.1 libreoffice-l10n-fr-7.3.6.2-48.28.1 libreoffice-l10n-gu-7.3.6.2-48.28.1 libreoffice-l10n-hi-7.3.6.2-48.28.1 libreoffice-l10n-hr-7.3.6.2-48.28.1 libreoffice-l10n-hu-7.3.6.2-48.28.1 libreoffice-l10n-it-7.3.6.2-48.28.1 libreoffice-l10n-ja-7.3.6.2-48.28.1 libreoffice-l10n-ko-7.3.6.2-48.28.1 libreoffice-l10n-lt-7.3.6.2-48.28.1 libreoffice-l10n-nb-7.3.6.2-48.28.1 
libreoffice-l10n-nl-7.3.6.2-48.28.1 libreoffice-l10n-nn-7.3.6.2-48.28.1 libreoffice-l10n-pl-7.3.6.2-48.28.1 libreoffice-l10n-pt_BR-7.3.6.2-48.28.1 libreoffice-l10n-pt_PT-7.3.6.2-48.28.1 libreoffice-l10n-ro-7.3.6.2-48.28.1 libreoffice-l10n-ru-7.3.6.2-48.28.1 libreoffice-l10n-sk-7.3.6.2-48.28.1 libreoffice-l10n-sv-7.3.6.2-48.28.1 libreoffice-l10n-uk-7.3.6.2-48.28.1 libreoffice-l10n-xh-7.3.6.2-48.28.1 libreoffice-l10n-zh_CN-7.3.6.2-48.28.1 libreoffice-l10n-zh_TW-7.3.6.2-48.28.1 libreoffice-l10n-zu-7.3.6.2-48.28.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libreoffice-7.3.6.2-48.28.1 libreoffice-base-7.3.6.2-48.28.1 libreoffice-base-debuginfo-7.3.6.2-48.28.1 libreoffice-base-drivers-postgresql-7.3.6.2-48.28.1 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-48.28.1 libreoffice-calc-7.3.6.2-48.28.1 libreoffice-calc-debuginfo-7.3.6.2-48.28.1 libreoffice-calc-extensions-7.3.6.2-48.28.1 libreoffice-debuginfo-7.3.6.2-48.28.1 libreoffice-debugsource-7.3.6.2-48.28.1 libreoffice-draw-7.3.6.2-48.28.1 libreoffice-draw-debuginfo-7.3.6.2-48.28.1 libreoffice-filters-optional-7.3.6.2-48.28.1 libreoffice-gnome-7.3.6.2-48.28.1 libreoffice-gnome-debuginfo-7.3.6.2-48.28.1 libreoffice-gtk3-7.3.6.2-48.28.1 libreoffice-gtk3-debuginfo-7.3.6.2-48.28.1 libreoffice-impress-7.3.6.2-48.28.1 libreoffice-impress-debuginfo-7.3.6.2-48.28.1 libreoffice-librelogo-7.3.6.2-48.28.1 libreoffice-mailmerge-7.3.6.2-48.28.1 libreoffice-math-7.3.6.2-48.28.1 libreoffice-math-debuginfo-7.3.6.2-48.28.1 libreoffice-officebean-7.3.6.2-48.28.1 libreoffice-officebean-debuginfo-7.3.6.2-48.28.1 libreoffice-pyuno-7.3.6.2-48.28.1 libreoffice-pyuno-debuginfo-7.3.6.2-48.28.1 libreoffice-writer-7.3.6.2-48.28.1 libreoffice-writer-debuginfo-7.3.6.2-48.28.1 libreoffice-writer-extensions-7.3.6.2-48.28.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-7.3.6.2-48.28.1 libreoffice-debugsource-7.3.6.2-48.28.1 libreoffice-sdk-7.3.6.2-48.28.1 
libreoffice-sdk-debuginfo-7.3.6.2-48.28.1 References: https://www.suse.com/security/cve/CVE-2022-26305.html https://www.suse.com/security/cve/CVE-2022-26307.html https://www.suse.com/security/cve/CVE-2022-3140.html https://bugzilla.suse.com/1201868 https://bugzilla.suse.com/1201872 https://bugzilla.suse.com/1203209 From sle-updates at lists.suse.com Mon Oct 17 19:21:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Oct 2022 21:21:31 +0200 (CEST) Subject: SUSE-RU-2022:3603-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <20221017192131.D5B20FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sle_hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3603-1 Rating: moderate References: #933411 SLE-22743 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for HPC 15-SP4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sle_hpc fixes the following issue: Update the release notes to version 15.400000000.20220831 (bsc#933411) - Added note about automatically opened ports (jsc#SLE-22743) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-3603=1 - SUSE Linux Enterprise High Performance Computing 15-SP4: zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-2022-3603=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP4 (noarch): release-notes-sle_hpc-15.400000000.20220831-150400.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP4 (noarch): release-notes-sle_hpc-15.400000000.20220831-150400.3.3.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Tue Oct 18 01:20:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 03:20:07 +0200 (CEST) Subject: SUSE-SU-2022:3605-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Message-ID: <20221018012007.94290FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3605-1 Rating: important References: #1203067 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2022-39189 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live 
Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues.

The following security issues were fixed:

- CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
- CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
- CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
- CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
- CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3605=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_18-default-4-150400.2.1 kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-4-150400.2.1 kernel-livepatch-SLE15-SP4_Update_2-debugsource-4-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 From sle-updates at lists.suse.com Tue Oct 18 07:20:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 09:20:09 +0200 (CEST) Subject: SUSE-SU-2022:3606-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) Message-ID: <20221018072009.F01B3FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3606-1 Rating: important References: #1203067 #1203624 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2022-39189 CVE-2022-41222 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (SUSE): 8.8 
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_93 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). - CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). - CVE-2022-41222: Fixed a use-after-free via a stale TLB (bsc#1203624). - CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3606=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_93-default-3-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203624 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 From sle-updates at lists.suse.com Tue Oct 18 07:28:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 09:28:17 +0200 (CEST) Subject: SUSE-CU-2022:2557-1: Security update of bci/bci-init Message-ID: <20221018072817.64CBCFBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2557-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.20.9 Container Release : 20.9 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). The following package changes have been done: - libexpat1-2.2.5-150000.3.22.1 updated - container:sles15-image-15.0.0-17.20.49 updated From sle-updates at lists.suse.com Tue Oct 18 07:36:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 09:36:17 +0200 (CEST) Subject: SUSE-CU-2022:2558-1: Security update of bci/nodejs Message-ID: <20221018073617.04CC0FBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2558-1 Container Tags : bci/node:12 , bci/node:12-17.7 , bci/nodejs:12 , bci/nodejs:12-17.7 Container Release : 17.7 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
The following package changes have been done:

- libexpat1-2.2.5-150000.3.22.1 updated
- container:sles15-image-15.0.0-17.20.49 updated

From sle-updates at lists.suse.com Tue Oct 18 07:43:28 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 09:43:28 +0200 (CEST)
Subject: SUSE-CU-2022:2559-1: Security update of bci/python
Message-ID: <20221018074328.E0D1FFBA8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2559-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-19.7
Container Release : 19.7
Severity : important
Type : security
References : 1203438 CVE-2022-40674
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released: Mon Oct 17 13:13:16 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
The following package changes have been done: - libexpat1-2.2.5-150000.3.22.1 updated - container:sles15-image-15.0.0-17.20.49 updated From sle-updates at lists.suse.com Tue Oct 18 10:20:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 12:20:11 +0200 (CEST) Subject: SUSE-SU-2022:3607-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Message-ID: <20221018102011.AAF05FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3607-1 Rating: important References: #1196959 #1203067 #1203624 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2021-39698 CVE-2022-39189 CVE-2022-41222 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues.

The following security issues were fixed:

- CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).
- CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).
- CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).
- CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB (bsc#1203624).
- CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).
- CVE-2021-39698: Fixed memory corruption due to a use after free in aio_poll_complete_work of aio.c (bsc#1196959).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Live Patching 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3607=1

Package List:

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):

  kernel-livepatch-5_3_18-150200_24_129-default-2-150200.2.1
  kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-2-150200.2.1
  kernel-livepatch-SLE15-SP2_Update_30-debugsource-2-150200.2.1

References:

  https://www.suse.com/security/cve/CVE-2021-39698.html
  https://www.suse.com/security/cve/CVE-2022-39189.html
  https://www.suse.com/security/cve/CVE-2022-41222.html
  https://www.suse.com/security/cve/CVE-2022-41674.html
  https://www.suse.com/security/cve/CVE-2022-42719.html
  https://www.suse.com/security/cve/CVE-2022-42720.html
  https://www.suse.com/security/cve/CVE-2022-42721.html
  https://bugzilla.suse.com/1196959
  https://bugzilla.suse.com/1203067
  https://bugzilla.suse.com/1203624
  https://bugzilla.suse.com/1203994
  https://bugzilla.suse.com/1204290
  https://bugzilla.suse.com/1204291
  https://bugzilla.suse.com/1204292

From sle-updates at lists.suse.com Tue Oct 18 13:21:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 15:21:22 +0200 (CEST)
Subject: SUSE-SU-2022:3609-1: important: Security update for the Linux Kernel
Message-ID: <20221018132122.63F2DFD2F@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3609-1
Rating: important
References: #1023051 #1065729 #1156395 #1177471 #1179722 #1179723 #1181862 #1185032 #1191662 #1191667 #1191881 #1192594 #1194023 #1194272 #1194535 #1196444 #1196616 #1196867 #1197158 #1197659 #1197755 #1197756 #1197757 #1197760 #1197763 #1197920 #1198971 #1199255 #1199291 #1200084 #1200313 #1200431 #1200622 #1200845 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1201019 #1201309
#1201310 #1201420 #1201442 #1201489 #1201610 #1201645 #1201705 #1201726 #1201865 #1201948 #1201990 #1202095 #1202096 #1202097 #1202154 #1202341 #1202346 #1202347 #1202385 #1202393 #1202396 #1202447 #1202577 #1202636 #1202672 #1202677 #1202701 #1202708 #1202709 #1202710 #1202711 #1202712 #1202713 #1202714 #1202715 #1202716 #1202717 #1202718 #1202720 #1202722 #1202745 #1202756 #1202810 #1202811 #1202860 #1202895 #1202898 #1202960 #1202984 #1203063 #1203098 #1203107 #1203116 #1203117 #1203135 #1203136 #1203137 #1203159 #1203313 #1203389 #1203410 #1203424 #1203552 #1203622 #1203737 #1203769 #1203906 #1203909 #1203933 #1203935 #1203939 #1203987 #1203992 PED-529 SLE-24635 Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-27784 CVE-2020-36516 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2503 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-3239 CVE-2022-3303 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 CVE-2022-41218 CVE-2022-41222 CVE-2022-41848 CVE-2022-41849 CVSS scores: CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2022-20368 (NVD) : 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39190 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). 
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity where device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket (bnc#1177471).

The following non-security bugs were fixed:

- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). 
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). 
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: mm: Validate hotplug range before creating linear mapping (git-fixes) - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - asm-generic: sections: refactor memory_intersects (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). 
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). 
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). 
- drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). 
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). 
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). 
- HID: wacom: Only report rotation for art pen (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). 
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). 
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). 
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - jfs: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - jfs: prevent NULL deref in diFree (bsc#1203389). - kABI: cgroup: Restore KABI of css_set (bsc#1201610). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kabi/severities: add stmmac driver local sumbols - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). 
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add "list_del_init_careful()" to go with "list_empty_careful()" (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). 
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - mmap locking API: add mmap_lock_is_contended() (bsc#1201990). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). 
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). 
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). 
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: fix use-after-free due to delegation race (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). 
- objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). 
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - profiling: fix shift too large makes kernel panic (git-fixes). 
- profiling: fix shift-out-of-bounds bugs (git fixes). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - random: remove useless header comment (git fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). 
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). 
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). 
- soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - tools/thermal: Fix possible path truncations (git-fixes). 
- tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - USB: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: ep0: Fix delay status handling (git-fixes). - USB: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - USB: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - USB: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - USB: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - USB: dwc3: gadget: Remove unnecessary checks (git-fixes). - USB: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - USB: dwc3: gadget: Store resource index of start cmd (git-fixes). - USB: dwc3: qcom: fix missing optional irq warnings. - USB: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - USB: gadget: u_audio: fix race condition on endpoint stop (git-fixes). 
- USB: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - USB: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - USB: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - USB: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - USB: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - USB: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - USB: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: renesas: Fix refcount leak bug (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - USB: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - USB: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). 
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). 
- vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). 
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Reenable retbleed=off
    While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3609=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3609=1

Package List:

- openSUSE Leap 15.3 (noarch):
    kernel-devel-azure-5.3.18-150300.38.80.1
    kernel-source-azure-5.3.18-150300.38.80.1
- openSUSE Leap 15.3 (x86_64):
    cluster-md-kmp-azure-5.3.18-150300.38.80.1
    cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.80.1
    dlm-kmp-azure-5.3.18-150300.38.80.1
    dlm-kmp-azure-debuginfo-5.3.18-150300.38.80.1
    gfs2-kmp-azure-5.3.18-150300.38.80.1
    gfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1
    kernel-azure-5.3.18-150300.38.80.1
    kernel-azure-debuginfo-5.3.18-150300.38.80.1
    kernel-azure-debugsource-5.3.18-150300.38.80.1
    kernel-azure-devel-5.3.18-150300.38.80.1
    kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1
    kernel-azure-extra-5.3.18-150300.38.80.1
    kernel-azure-extra-debuginfo-5.3.18-150300.38.80.1
    kernel-azure-livepatch-devel-5.3.18-150300.38.80.1
    kernel-azure-optional-5.3.18-150300.38.80.1
    kernel-azure-optional-debuginfo-5.3.18-150300.38.80.1
    kernel-syms-azure-5.3.18-150300.38.80.1
    kselftests-kmp-azure-5.3.18-150300.38.80.1
    kselftests-kmp-azure-debuginfo-5.3.18-150300.38.80.1
    ocfs2-kmp-azure-5.3.18-150300.38.80.1
    ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1
    reiserfs-kmp-azure-5.3.18-150300.38.80.1
    reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.80.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
    kernel-devel-azure-5.3.18-150300.38.80.1
    kernel-source-azure-5.3.18-150300.38.80.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
    kernel-azure-5.3.18-150300.38.80.1
    kernel-azure-debuginfo-5.3.18-150300.38.80.1
    kernel-azure-debugsource-5.3.18-150300.38.80.1
    kernel-azure-devel-5.3.18-150300.38.80.1
    kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1
    kernel-syms-azure-5.3.18-150300.38.80.1

References:

https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-16119.html
https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4155.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1177471
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1191662
https://bugzilla.suse.com/1191667
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1192594
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197760
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1197920
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199255
https://bugzilla.suse.com/1199291
https://bugzilla.suse.com/1200084
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202701
https://bugzilla.suse.com/1202708
https://bugzilla.suse.com/1202709
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202714
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202717
https://bugzilla.suse.com/1202718
https://bugzilla.suse.com/1202720
https://bugzilla.suse.com/1202722
https://bugzilla.suse.com/1202745
https://bugzilla.suse.com/1202756
https://bugzilla.suse.com/1202810
https://bugzilla.suse.com/1202811
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202895
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203116
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203135
https://bugzilla.suse.com/1203136
https://bugzilla.suse.com/1203137
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203313
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203933
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992

From sle-updates at lists.suse.com Tue Oct 18 13:31:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 15:31:29 +0200 (CEST)
Subject: SUSE-RU-2022:3611-1: moderate: Recommended update for resource-agents
Message-ID: <20221018133129.02B7CFD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3611-1
Rating: moderate
References: PED-2000
Affected Products:
    SUSE Linux Enterprise High Availability 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for resource-agents fixes the following issues:

- Azure Events RA can not handle AV Zones (jsc#PED-2000)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3611=1
- SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3611=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    ldirectord-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.31.1
- openSUSE Leap 15.3 (noarch):
    monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.31.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
    ldirectord-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.31.1
    resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.31.1
- SUSE Linux Enterprise High Availability 15-SP3 (noarch):
    monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.31.1

References:

From sle-updates at lists.suse.com Tue Oct 18 13:32:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 15:32:06 +0200 (CEST)
Subject: SUSE-RU-2022:3608-1: moderate: Recommended update for lifecycle-data-sle-live-patching
Message-ID: <20221018133206.5A25FFD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for lifecycle-data-sle-live-patching
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3608-1
Rating: moderate
References: #1020320
Affected Products:
    SUSE Linux Enterprise Live Patching 12
    SUSE Linux Enterprise Live Patching 12-SP4
    SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for lifecycle-data-sle-live-patching fixes the following issues:

Lifecycle data update. (bsc#1020320)

- Added data for 4_12_14-122_127, 4_12_14-122_130, 4_12_14-95_102, 4_12_14-95_105.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Live Patching 12-SP5:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3608=1
- SUSE Linux Enterprise Live Patching 12-SP4:
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3608=1
- SUSE Linux Enterprise Live Patching 12:
    zypper in -t patch SUSE-SLE-Live-Patching-12-2022-3608=1

Package List:

- SUSE Linux Enterprise Live Patching 12-SP5 (noarch):
    lifecycle-data-sle-live-patching-1-10.115.1
- SUSE Linux Enterprise Live Patching 12-SP4 (noarch):
    lifecycle-data-sle-live-patching-1-10.115.1
- SUSE Linux Enterprise Live Patching 12 (noarch):
    lifecycle-data-sle-live-patching-1-10.115.1

References:

https://bugzilla.suse.com/1020320

From sle-updates at lists.suse.com Tue Oct 18 13:32:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 15:32:49 +0200 (CEST)
Subject: SUSE-RU-2022:3610-1: moderate: Recommended update for resource-agents
Message-ID: <20221018133249.927E8FD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for resource-agents
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3610-1
Rating: moderate
References: PED-2000
Affected Products:
    SUSE Linux Enterprise High Availability 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for resource-agents fixes the following issues:

- Azure Events RA can not handle AV Zones (jsc#PED-2000)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3610=1
- SUSE Linux Enterprise High Availability 15-SP4:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3610=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    ldirectord-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.10.1
- openSUSE Leap 15.4 (noarch):
    monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.10.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
    ldirectord-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.10.1
    resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.10.1
- SUSE Linux Enterprise High Availability 15-SP4 (noarch):
    monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.10.1

References:

From sle-updates at lists.suse.com Tue Oct 18 13:33:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 15:33:24 +0200 (CEST)
Subject: SUSE-RU-2022:3612-1: moderate: Recommended update for SUSEConnect
Message-ID: <20221018133324.B5732FD2F@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSEConnect
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3612-1
Rating: moderate
References: #1200641 #1200994
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for SUSEConnect fixes the following issues:

- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3612=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3612=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    SUSEConnect-0.3.36-150300.20.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    SUSEConnect-0.3.36-150300.20.6.1

References:

https://bugzilla.suse.com/1200641
https://bugzilla.suse.com/1200994

From sle-updates at lists.suse.com Tue Oct 18 16:20:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:20:47 +0200 (CEST)
Subject: SUSE-SU-2022:3614-1: moderate: Security update for nodejs14
Message-ID: <20221018162047.ED0C8FD2F@maintenance.suse.de>

SUSE Security Update: Security update for nodejs14
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3614-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
    CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for Web Scripting 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.
Description:

This update for nodejs14 fixes the following issues:

Updated to version 14.20.1:

- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3614=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3614=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3614=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    corepack14-14.20.1-150200.15.37.1
    nodejs14-14.20.1-150200.15.37.1
    nodejs14-debuginfo-14.20.1-150200.15.37.1
    nodejs14-debugsource-14.20.1-150200.15.37.1
    nodejs14-devel-14.20.1-150200.15.37.1
    npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.4 (noarch):
    nodejs14-docs-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nodejs14-14.20.1-150200.15.37.1
    nodejs14-debuginfo-14.20.1-150200.15.37.1
    nodejs14-debugsource-14.20.1-150200.15.37.1
    nodejs14-devel-14.20.1-150200.15.37.1
    npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (noarch):
    nodejs14-docs-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
    nodejs14-14.20.1-150200.15.37.1
    nodejs14-debuginfo-14.20.1-150200.15.37.1
    nodejs14-debugsource-14.20.1-150200.15.37.1
    nodejs14-devel-14.20.1-150200.15.37.1
    npm14-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
    nodejs14-docs-14.20.1-150200.15.37.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832

From sle-updates at lists.suse.com Tue Oct 18 16:21:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:21:39 +0200 (CEST)
Subject: SUSE-SU-2022:3613-1: important: Security update for postgresql-jdbc
Message-ID: <20221018162139.DB6E7FD2F@maintenance.suse.de>

SUSE Security Update: Security update for postgresql-jdbc
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3613-1
Rating: important
References: #1202170
Cross-References: CVE-2022-31197
CVSS scores:
    CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Linux Enterprise Module for Server Applications 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for postgresql-jdbc fixes the following issues:

- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3613=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3613=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3613=1

Package List:

- openSUSE Leap 15.3 (noarch):
    postgresql-jdbc-42.2.25-150300.3.8.1
    postgresql-jdbc-javadoc-42.2.25-150300.3.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
    postgresql-jdbc-42.2.25-150300.3.8.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
    postgresql-jdbc-42.2.25-150300.3.8.1

References:

https://www.suse.com/security/cve/CVE-2022-31197.html
https://bugzilla.suse.com/1202170

From sle-updates at lists.suse.com Tue Oct 18 16:22:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:22:29 +0200 (CEST)
Subject: SUSE-SU-2022:3615-1: important: Security update for nodejs16
Message-ID: <20221018162229.7FCDBFD2F@maintenance.suse.de>

SUSE Security Update: Security update for nodejs16
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3615-1
Rating: important
References: #1201325 #1201327 #1203831 #1203832
Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256
CVSS scores:
    CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
    CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
    CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise Module for Web Scripting 15-SP3
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap 15.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for nodejs16 fixes the following issues:

Updated to version 16.17.1:

- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
- CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3615=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3615=1

Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nodejs16-16.17.1-150300.7.12.1
    nodejs16-debuginfo-16.17.1-150300.7.12.1
    nodejs16-debugsource-16.17.1-150300.7.12.1
    nodejs16-devel-16.17.1-150300.7.12.1
    npm16-16.17.1-150300.7.12.1
- openSUSE Leap 15.3 (noarch):
    nodejs16-docs-16.17.1-150300.7.12.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
    nodejs16-16.17.1-150300.7.12.1
    nodejs16-debuginfo-16.17.1-150300.7.12.1
    nodejs16-debugsource-16.17.1-150300.7.12.1
    nodejs16-devel-16.17.1-150300.7.12.1
    npm16-16.17.1-150300.7.12.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
    nodejs16-docs-16.17.1-150300.7.12.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://www.suse.com/security/cve/CVE-2022-35255.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1203831
https://bugzilla.suse.com/1203832

From sle-updates at lists.suse.com Tue Oct 18 16:23:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:23:42 +0200 (CEST)
Subject: SUSE-SU-2022:3621-1: moderate: Security update for rubygem-activesupport-5_1
Message-ID: <20221018162342.7B77FFD2F@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-activesupport-5_1
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3621-1
Rating: moderate
References: #1199060
Cross-References: CVE-2022-27777
CVSS scores:
    CVE-2022-27777 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    CVE-2022-27777 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
    SUSE Linux Enterprise High Availability 15
    SUSE Linux Enterprise High Availability 15-SP1
    SUSE Linux Enterprise High Availability 15-SP2
    SUSE Linux Enterprise High Availability 15-SP3
    SUSE Linux Enterprise High Availability 15-SP4
    SUSE Linux Enterprise High Performance Computing 15
    SUSE Linux Enterprise High Performance Computing 15-SP1
    SUSE Linux Enterprise High Performance Computing 15-SP2
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Server 15
    SUSE Linux Enterprise Server 15-SP1
    SUSE Linux Enterprise Server 15-SP2
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15-SP1
    SUSE Linux Enterprise Server for SAP Applications 15-SP2
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Linux Enterprise Storage 6
    SUSE Linux Enterprise Storage 7
    SUSE Linux Enterprise Storage 7.1
    SUSE Manager Proxy 4.0
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.0
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.0
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-activesupport-5_1 fixes the following issues:

- CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3621=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP4:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP3:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP2:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP1:
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3621=1
- SUSE Linux Enterprise High Availability 15:
    zypper in -t patch SUSE-SLE-Product-HA-15-2022-3621=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
    ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
    ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
    ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1

References:

https://www.suse.com/security/cve/CVE-2022-27777.html
https://bugzilla.suse.com/1199060

From sle-updates at lists.suse.com Tue Oct 18 16:24:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:24:39 +0200 (CEST)
Subject: SUSE-SU-2022:3617-1: important: Security update for netty
Message-ID: <20221018162439.6F578FD2F@maintenance.suse.de>

SUSE Security Update: Security update for netty
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3617-1
Rating: important
References: #1168932 #1182103 #1190610 #1190613
Cross-References: CVE-2020-11612 CVE-2021-21290 CVE-2021-37136 CVE-2021-37137
CVSS scores:
    CVE-2020-11612 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-11612 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
    SUSE Manager Server 4.2
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for netty fixes the following issues:

- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
- CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610)
- CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3617=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
    netty-4.1.44.Final-150300.4.3.2

References:

https://www.suse.com/security/cve/CVE-2020-11612.html
https://www.suse.com/security/cve/CVE-2021-21290.html
https://www.suse.com/security/cve/CVE-2021-37136.html
https://www.suse.com/security/cve/CVE-2021-37137.html
https://bugzilla.suse.com/1168932
https://bugzilla.suse.com/1182103
https://bugzilla.suse.com/1190610
https://bugzilla.suse.com/1190613

From sle-updates at lists.suse.com Tue Oct 18 16:25:39 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Oct 2022 18:25:39 +0200 (CEST)
Subject: SUSE-SU-2022:3616-1: moderate: Security update for nodejs12
Message-ID: <20221018162539.4550BFD2F@maintenance.suse.de>

SUSE Security Update: Security update for nodejs12
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3616-1 Rating: moderate References: #1201325 #1203832 Cross-References: CVE-2022-32213 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3616=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3616=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3616=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - openSUSE Leap 15.4 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - openSUSE Leap 15.3 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1203832 From sle-updates at lists.suse.com Tue Oct 18 19:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:19:51 +0200 (CEST) Subject: SUSE-SU-2022:3637-1: moderate: Security update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba Message-ID: <20221018191951.6453DFD2F@maintenance.suse.de> SUSE Security Update: Security update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3637-1 Rating: moderate References: #1200285 Cross-References: CVE-2022-1708 CVSS scores: CVE-2022-1708 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1708 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba fixes the following issues: - Maintenance update to version 4.2.9 - Use golang(API) = 1.17 - Updated to cri-o v1.19.7: * includes the fix for CVE-2022-1708 (bsc#1200285) - Update to release v4.2.9 - Update to v1.4.16: * c6485e38 Prevent skuba to compile against go 1.18 * 5e128280 Update cri-o to v1.19.7 (bsc#1200285) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE CaaS Platform 4.0 (noarch): release-notes-caasp-4.2.20220921-150100.4.80.1 skuba-update-1.4.16-150100.3.65.1 - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.2.9-150100.24.52.1 cri-o-1.19.7-150100.3.50.1 cri-o-kubeadm-criconfig-1.19.7-150100.3.50.1 skuba-1.4.16-150100.3.65.1 References: https://www.suse.com/security/cve/CVE-2022-1708.html https://bugzilla.suse.com/1200285 From sle-updates at lists.suse.com Tue Oct 18 19:20:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:20:27 +0200 (CEST) Subject: SUSE-RU-2022:3629-1: moderate: Recommended update for resource-agents Message-ID: <20221018192027.66EA6FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3629-1 Rating: moderate References: PED-2000 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issues: - Azure Events RA can not handle AV Zones (jsc#PED-2000) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3629=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-150100.4.72.1 resource-agents-4.3.0184.6ee15eb2-150100.4.72.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-150100.4.72.1 resource-agents-debugsource-4.3.0184.6ee15eb2-150100.4.72.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-150100.4.72.1 References: From sle-updates at lists.suse.com Tue Oct 18 19:21:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:21:04 +0200 (CEST) Subject: SUSE-RU-2022:3633-1: moderate: Recommended update for rust Message-ID: <20221018192104.C8276FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3633-1 Rating: moderate References: SLE-18626 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one 
feature can now be installed.

Description:

This update for rust fixes the following issues:

Rust was updated to ship in version 1.64.0 in rust1.64.

Version 1.64.0 (2022-09-22)
===========================

Language
--------

- Unions with mutable references or tuples of allowed types are now allowed
- It is now considered valid to deallocate memory pointed to by a shared reference `&T` [if every byte in `T` is inside an `UnsafeCell`]
- Unused tuple struct fields are now warned against in an allow-by-default lint, [`unused_tuple_struct_fields`]

Compiler
--------

- Add Nintendo Switch as tier 3 target
- Refer to Rust's platform support page for more information on Rust's tiered platform support.
- Only compile `#[used]` as llvm.compiler.used for ELF targets
- Add the `--diagnostic-width` compiler flag to define the terminal width.
- Add support for link-flavor `rust-lld` for iOS, tvOS and watchOS

Libraries
---------

- Remove restrictions on compare-exchange memory ordering.
- You can now `write!` or `writeln!` into an `OsString`: [Implement `fmt::Write` for `OsString`]
- Make RwLockReadGuard covariant
- Implement `FusedIterator` for `std::net::[Into]Incoming`
- `impl AsRawFd for {Arc,Box}`
- `ptr::copy` and `ptr::swap` are doing untyped copies
- Add cgroupv1 support to `available_parallelism`
- Mitigate many incorrect uses of `mem::uninitialized`

Stabilized APIs
---------------

- future::IntoFuture
- future::poll_fn
- task::ready!
- num::NonZero*::checked_mul
- num::NonZero*::checked_pow
- num::NonZero*::saturating_mul
- num::NonZero*::saturating_pow
- num::NonZeroI*::abs
- num::NonZeroI*::checked_abs
- num::NonZeroI*::overflowing_abs
- num::NonZeroI*::saturating_abs
- num::NonZeroI*::unsigned_abs
- num::NonZeroI*::wrapping_abs
- num::NonZeroU*::checked_add
- num::NonZeroU*::checked_next_power_of_two
- num::NonZeroU*::saturating_add
- os::unix::process::CommandExt::process_group
- os::windows::fs::FileTypeExt::is_symlink_dir
- os::windows::fs::FileTypeExt::is_symlink_file

These types were previously stable in std::ffi, but are now also available in core and alloc:

- core::ffi::CStr
- core::ffi::FromBytesWithNulError
- alloc::ffi::CString
- alloc::ffi::FromVecWithNulError
- alloc::ffi::IntoStringError
- alloc::ffi::NulError

These types were previously stable in std::os::raw, but are now also available in core::ffi and std::ffi:

- ffi::c_char
- ffi::c_double
- ffi::c_float
- ffi::c_int
- ffi::c_long
- ffi::c_longlong
- ffi::c_schar
- ffi::c_short
- ffi::c_uchar
- ffi::c_uint
- ffi::c_ulong
- ffi::c_ulonglong
- ffi::c_ushort

These APIs are now usable in const contexts:

- slice::from_raw_parts

Cargo
-----

- Packages can now inherit settings from the workspace so that the settings can be centralized in one place.
- Cargo commands can now accept multiple `--target` flags to build for multiple targets at once
- The --jobs argument can now take a negative number to count backwards from the max CPUs.
- cargo add will now update Cargo.lock.
- Added the --crate-type flag to `cargo rustc` to override the crate type.
- Significantly improved the performance fetching git dependencies from GitHub when using a hash in the `rev` field.

Misc
----

- The rust-analyzer rustup component is now available on the stable channel.

Compatibility Notes
-------------------

- The minimum required versions for all `-linux-gnu` targets are now at least kernel 3.2 and glibc 2.17, for targets that previously supported older versions.
- Network primitives are now implemented with the ideal Rust layout, not the C system layout
- Add assertion that `transmute_copy`'s `U` is not larger than `T`
- A soundness bug in `BTreeMap` was fixed
- The Drop behavior of C-like enums cast to ints has changed
- Relate late-bound closure lifetimes to parent fn in NLL
- Errors at const-eval time are now in future incompatibility reports
- On the `thumbv6m-none-eabi` target, some incorrect `asm!` statements were erroneously accepted if they used the high registers (r8 to r14) as an input/output operand. This is no longer accepted.
- `impl Trait` was accidentally accepted as the associated type value of return-position `impl Trait`, without fulfilling all the trait bounds of that associated type, as long as the hidden type satisfies said bounds. This has been fixed.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3633=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3633=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3633=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3633=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.64.0-150300.21.35.1 cargo1.64-1.64.0-150300.7.3.1 cargo1.64-debuginfo-1.64.0-150300.7.3.1 rust-1.64.0-150300.21.35.1 rust1.64-1.64.0-150300.7.3.1 rust1.64-debuginfo-1.64.0-150300.7.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cargo-1.64.0-150300.21.35.1 cargo1.64-1.64.0-150300.7.3.1 cargo1.64-debuginfo-1.64.0-150300.7.3.1 rust-1.64.0-150300.21.35.1 rust1.64-1.64.0-150300.7.3.1 rust1.64-debuginfo-1.64.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.64.0-150300.21.35.1 cargo1.64-1.64.0-150300.7.3.1 cargo1.64-debuginfo-1.64.0-150300.7.3.1 rust-1.64.0-150300.21.35.1 rust1.64-1.64.0-150300.7.3.1 rust1.64-debuginfo-1.64.0-150300.7.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.64.0-150300.21.35.1 cargo1.64-1.64.0-150300.7.3.1 cargo1.64-debuginfo-1.64.0-150300.7.3.1 rust-1.64.0-150300.21.35.1 rust1.64-1.64.0-150300.7.3.1 rust1.64-debuginfo-1.64.0-150300.7.3.1 References: From sle-updates at lists.suse.com Tue Oct 18 19:21:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:21:44 +0200 (CEST) Subject: SUSE-SU-2022:3635-1: important: Security update for python-waitress Message-ID: <20221018192144.CE02EFD2F@maintenance.suse.de> SUSE Security Update: Security update for python-waitress 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3635-1 Rating: important References: #1197255 Cross-References: CVE-2022-24761 CVSS scores: CVE-2022-24761 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-24761 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3635=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3635=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-3635=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-waitress-1.4.3-3.6.1 - SUSE OpenStack Cloud 8 (noarch): python-waitress-1.4.3-3.6.1 - HPE Helion Openstack 8 (noarch): python-waitress-1.4.3-3.6.1 References: https://www.suse.com/security/cve/CVE-2022-24761.html https://bugzilla.suse.com/1197255 From sle-updates at lists.suse.com Tue Oct 18 19:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:22:28 +0200 (CEST) Subject: SUSE-RU-2022:3630-1: moderate: Recommended update for resource-agents Message-ID: <20221018192228.7439BFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3630-1 Rating: moderate References: PED-2000 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issues: - Azure Events RA can not handle AV Zones (jsc#PED-2000) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3630=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-150200.3.56.1 resource-agents-4.4.0+git57.70549516-150200.3.56.1 resource-agents-debuginfo-4.4.0+git57.70549516-150200.3.56.1 resource-agents-debugsource-4.4.0+git57.70549516-150200.3.56.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-150200.3.56.1 References: From sle-updates at lists.suse.com Tue Oct 18 19:23:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Oct 2022 21:23:08 +0200 (CEST) Subject: SUSE-SU-2022:3628-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Message-ID: <20221018192308.C90F6FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3628-1 Rating: important References: #1203067 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2022-39189 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). - CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). 
- CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3628=1 SUSE-SLE-Module-Live-Patching-15-SP4-2022-3632=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-7-150400.4.18.3 kernel-livepatch-5_14_21-150400_22-default-debuginfo-7-150400.4.18.3 kernel-livepatch-5_14_21-150400_24_11-default-4-150400.2.1 kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-4-150400.2.1 kernel-livepatch-SLE15-SP4_Update_0-debugsource-7-150400.4.18.3 kernel-livepatch-SLE15-SP4_Update_1-debugsource-4-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 From sle-updates at lists.suse.com Wed Oct 19 01:22:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 03:22:42 +0200 (CEST) Subject: SUSE-SU-2022:3648-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Message-ID: <20221019012242.8E493FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3648-1 Rating: important References: 
#1203067 #1203624 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2022-39189 CVE-2022-41222 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). 
- CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). - CVE-2022-41222: Fixed a use-after-free via a stale TLB (bsc#1203624). - CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3631=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3634=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3636=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3638=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3639=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3640=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3641=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3642=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3643=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3645=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3646=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3647=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3648=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3649=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3618=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3620=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3622=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3623=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3624=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3625=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3626=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3627=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3644=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): 
kernel-livepatch-5_3_18-150300_59_43-default-15-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-15-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-15-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-15-150300.2.2 kernel-livepatch-5_3_18-150300_59_49-default-14-150300.2.2 kernel-livepatch-5_3_18-150300_59_60-default-12-150300.2.2 kernel-livepatch-5_3_18-150300_59_63-default-9-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-8-150300.2.2 kernel-livepatch-5_3_18-150300_59_71-default-7-150300.2.1 kernel-livepatch-5_3_18-150300_59_76-default-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_87-default-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_90-default-4-150300.2.1 kernel-livepatch-5_3_18-59_27-default-18-150300.2.2 kernel-livepatch-5_3_18-59_27-default-debuginfo-18-150300.2.2 kernel-livepatch-5_3_18-59_34-default-17-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-59_37-default-16-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-16-150300.2.2 kernel-livepatch-5_3_18-59_40-default-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-16-150300.2.2 kernel-livepatch-SLE15-SP3_Update_7-debugsource-18-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-17-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-16-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-9-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-9-150200.2.2 kernel-livepatch-5_3_18-150200_24_115-default-7-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-7-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-4-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-4-150200.2.1 kernel-livepatch-5_3_18-24_102-default-14-150200.2.2 
kernel-livepatch-5_3_18-24_102-default-debuginfo-14-150200.2.2 kernel-livepatch-5_3_18-24_107-default-13-150200.2.2 kernel-livepatch-5_3_18-24_107-default-debuginfo-13-150200.2.2 kernel-livepatch-5_3_18-24_86-default-18-150200.2.2 kernel-livepatch-5_3_18-24_86-default-debuginfo-18-150200.2.2 kernel-livepatch-5_3_18-24_93-default-17-150200.2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-17-150200.2.2 kernel-livepatch-5_3_18-24_96-default-16-150200.2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_99-default-15-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_20-debugsource-18-150200.2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-16-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-14-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-9-150200.2.2 kernel-livepatch-SLE15-SP2_Update_27-debugsource-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_29-debugsource-4-150200.2.1

- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64):
kernel-livepatch-SLE15-SP2_Update_25-debugsource-13-150200.2.2

References:
https://www.suse.com/security/cve/CVE-2022-39189.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41674.html
https://www.suse.com/security/cve/CVE-2022-42719.html
https://www.suse.com/security/cve/CVE-2022-42720.html
https://www.suse.com/security/cve/CVE-2022-42721.html
https://bugzilla.suse.com/1203067
https://bugzilla.suse.com/1203624
https://bugzilla.suse.com/1203994
https://bugzilla.suse.com/1204290
https://bugzilla.suse.com/1204291
https://bugzilla.suse.com/1204292

From sle-updates at lists.suse.com Wed Oct 19 01:24:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Oct 2022 03:24:55 +0200 (CEST)
Subject: SUSE-SU-2022:3650-1: important: Security update for libreoffice
Message-ID: <20221019012455.75586FBAE@maintenance.suse.de>

SUSE Security Update: Security update for libreoffice
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3650-1
Rating: important
References: #1201868 #1201872 #1203209 SLE-23447
Cross-References: CVE-2022-26305 CVE-2022-26307 CVE-2022-3140
CVSS scores:
CVE-2022-26305 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26305 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26307 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-3140 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities, contains one feature is now available.

Description:

This update for libreoffice fixes the following issues:

Updated to version 7.3.6.2 (jsc#SLE-23447):

- CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209).
- CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868).
- CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3650=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3650=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3650=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3650=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3650=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3650=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 
libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 References: https://www.suse.com/security/cve/CVE-2022-26305.html https://www.suse.com/security/cve/CVE-2022-26307.html https://www.suse.com/security/cve/CVE-2022-3140.html https://bugzilla.suse.com/1201868 https://bugzilla.suse.com/1201872 https://bugzilla.suse.com/1203209 From sle-updates at lists.suse.com Wed Oct 19 07:24:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 09:24:16 +0200 (CEST) Subject: SUSE-CU-2022:2561-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221019072416.14CEFFBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2561-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.12 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.12 Severity : critical Type : security References : 1160171 1178331 1178332 1181475 1182983 1189282 1189802 1190700 1191020 1193282 1194550 1195061 1195773 1196125 1196490 1197684 1198341 1198627 1198720 1198752 1199042 1199132 1199140 1199492 1199895 1200624 1200747 1200800 1200993 1201092 1201225 1201385 1201576 1201638 1201680 1201783 1201972 1202117 1202175 1202310 1202593 1203018 1203649 CVE-2021-36690 CVE-2021-46828 CVE-2022-23308 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-34903 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate References: 1160171,1178331,1178332,1200624 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 
09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3220-1 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't
auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3604-1 Released: Mon Oct 17 22:29:59 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: 1195061 This update for sles15-image fixes the following issues: - Make the title match BCI (bsc#1195061) The following package changes have been done: -
aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - gpg2-2.2.27-150300.3.5.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libblkid1-2.37.2-150400.8.3.1 updated - libcurl4-7.79.1-150400.5.6.1 updated - libdw1-0.185-150400.5.3.1 updated - libelf1-0.185-150400.5.3.1 updated - libfdisk1-2.37.2-150400.8.3.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - libprocps7-3.3.15-150000.7.25.1 updated - libsmartcols1-2.37.2-150400.8.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libsystemd0-249.12-150400.8.10.1 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libudev1-249.12-150400.8.10.1 updated - libuuid1-2.37.2-150400.8.3.1 updated - libxml2-2-2.9.14-150400.5.7.1 updated - libyaml-cpp0_6-0.6.3-150400.4.3.1 updated - libz1-1.2.11-150000.3.33.1 updated - libzck1-1.1.16-150400.1.10 added - libzypp-17.31.2-150400.3.9.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20201225-150400.5.11.1 updated - procps-3.3.15-150000.7.25.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - terminfo-base-6.1-150000.5.12.1 updated - timezone-2022a-150000.75.10.1 updated - util-linux-2.37.2-150400.8.3.1 updated - zypper-1.14.57-150400.3.9.1 updated - container:sles15-image-15.0.0-27.12.1 updated From sle-updates at lists.suse.com Wed Oct 19 08:09:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 10:09:59 +0200 (CEST) Subject: SUSE-CU-2022:2586-1: Security update of bci/nodejs Message-ID: <20221019080959.ECC54FBA8@maintenance.suse.de> 
SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2586-1 Container Tags : bci/node:14 , bci/node:14-34.10 , bci/nodejs:14 , bci/nodejs:14-34.10 Container Release : 34.10 Severity : moderate Type : security References : 1201325 1203832 CVE-2022-32213 CVE-2022-35256 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3614-1 Released: Tue Oct 18 13:05:23 2022 Summary: Security update for nodejs14 Type: security Severity: moderate References: 1201325,1203832,CVE-2022-32213,CVE-2022-35256 This update for nodejs14 fixes the following issues: Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). The following package changes have been done: - nodejs14-14.20.1-150200.15.37.1 updated - npm14-14.20.1-150200.15.37.1 updated From sle-updates at lists.suse.com Wed Oct 19 08:36:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 10:36:19 +0200 (CEST) Subject: SUSE-CU-2022:2601-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221019083619.0A5D1FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2601-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.296 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.296 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). The following package changes have been done: - libexpat1-2.2.5-150000.3.22.1 updated From sle-updates at lists.suse.com Wed Oct 19 08:38:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 10:38:03 +0200 (CEST) Subject: SUSE-CU-2022:2602-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221019083803.3EE25FBA8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2602-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.117 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.117 Severity : important Type : security References : 1203438 CVE-2022-40674 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
The following package changes have been done: - libexpat1-2.2.5-150000.3.22.1 updated From sle-updates at lists.suse.com Wed Oct 19 13:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 15:19:50 +0200 (CEST) Subject: SUSE-SU-2022:3653-1: important: Security update for tcl Message-ID: <20221019131950.2FEA4FD2F@maintenance.suse.de> SUSE Security Update: Security update for tcl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3653-1 Rating: important References: #1195773 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3653=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3653=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): tcl-debuginfo-8.6.12-11.6.1 tcl-debugsource-8.6.12-11.6.1 tcl-devel-8.6.12-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-11.6.1 tcl-debuginfo-8.6.12-11.6.1 tcl-debugsource-8.6.12-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): tcl-32bit-8.6.12-11.6.1 tcl-debuginfo-32bit-8.6.12-11.6.1 References: https://bugzilla.suse.com/1195773 From sle-updates at lists.suse.com Wed Oct 19 13:20:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 15:20:29 +0200 (CEST) Subject: SUSE-SU-2022:3654-1: important: Security update for amazon-ssm-agent Message-ID: <20221019132029.482EBFD2F@maintenance.suse.de> SUSE Security Update: Security update for amazon-ssm-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3654-1 Rating: important References: #1196556 Cross-References: CVE-2022-29527 CVSS scores: CVE-2022-29527 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29527 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 
______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for amazon-ssm-agent fixes the following issues: - Update to version 3.1.1260.0 - CVE-2022-29527: Fixed a bug which creates world-writable sudoers file during runtime. (bsc#1196556) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-3654=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-4.27.2 References: https://www.suse.com/security/cve/CVE-2022-29527.html https://bugzilla.suse.com/1196556 From sle-updates at lists.suse.com Wed Oct 19 16:20:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:20:58 +0200 (CEST) Subject: SUSE-RU-2022:3658-1: moderate: Recommended update for resource-agents Message-ID: <20221019162058.93C0EFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3658-1 Rating: moderate References: PED-2000 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. 
Description: This update for resource-agents fixes the following issues: - Azure Events RA can not handle AV Zones (jsc#PED-2000) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3658=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-150000.3.70.1 resource-agents-4.3.0184.6ee15eb2-150000.3.70.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-150000.3.70.1 resource-agents-debugsource-4.3.0184.6ee15eb2-150000.3.70.1 - SUSE Linux Enterprise High Availability 15 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-150000.3.70.1 References: From sle-updates at lists.suse.com Wed Oct 19 16:21:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:21:37 +0200 (CEST) Subject: SUSE-RU-2022:3659-1: moderate: Recommended update for resource-agents Message-ID: <20221019162137.34201FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3659-1 Rating: moderate References: PED-2000 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. 
Description: This update for resource-agents fixes the following issues: - Azure Events RA can not handle AV Zones (jsc#PED-2000) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3659=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-3659=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.98.1 resource-agents-4.3.018.a7fb5035-3.98.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.98.1 resource-agents-debugsource-4.3.018.a7fb5035-3.98.1 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.98.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.98.1 resource-agents-4.3.018.a7fb5035-3.98.1 resource-agents-debuginfo-4.3.018.a7fb5035-3.98.1 resource-agents-debugsource-4.3.018.a7fb5035-3.98.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.98.1 References: From sle-updates at lists.suse.com Wed Oct 19 16:22:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:22:19 +0200 (CEST) Subject: SUSE-SU-2022:3661-1: important: Security update for php8 Message-ID: <20221019162219.85E50FD2F@maintenance.suse.de> SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3661-1 Rating: important References: #1192050 #1200772 #1203867 #1203870 SLE-23639 SLE-24723 Cross-References: CVE-2021-21703 CVE-2022-31628 CVE-2022-31629 CVSS scores: CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21703 
(SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities, contains two features and has one errata is now available. Description: This update for php8 fixes the following issues: - php8 was updated to version 8.0.24 - php8 was updated to version 8.0.23 (jsc#SLE-23639). - CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM. (bsc#1192050) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will be treated as secure in the victim's browser. (bsc#1203870) - Fixed missing devel package requires pear and pecl extensions (jsc#SLE-24723, bsc#1200772). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3661=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3661=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.24-150400.4.14.1 apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1 apache2-mod_php8-debugsource-8.0.24-150400.4.14.1 php8-8.0.24-150400.4.14.1 php8-bcmath-8.0.24-150400.4.14.1 php8-bcmath-debuginfo-8.0.24-150400.4.14.1 php8-bz2-8.0.24-150400.4.14.1 php8-bz2-debuginfo-8.0.24-150400.4.14.1 php8-calendar-8.0.24-150400.4.14.1 php8-calendar-debuginfo-8.0.24-150400.4.14.1 php8-cli-8.0.24-150400.4.14.1 php8-cli-debuginfo-8.0.24-150400.4.14.1 php8-ctype-8.0.24-150400.4.14.1 php8-ctype-debuginfo-8.0.24-150400.4.14.1 php8-curl-8.0.24-150400.4.14.1 php8-curl-debuginfo-8.0.24-150400.4.14.1 php8-dba-8.0.24-150400.4.14.1 php8-dba-debuginfo-8.0.24-150400.4.14.1 php8-debuginfo-8.0.24-150400.4.14.1 php8-debugsource-8.0.24-150400.4.14.1 php8-devel-8.0.24-150400.4.14.1 php8-dom-8.0.24-150400.4.14.1 php8-dom-debuginfo-8.0.24-150400.4.14.1 php8-embed-8.0.24-150400.4.14.1 php8-embed-debuginfo-8.0.24-150400.4.14.1 php8-embed-debugsource-8.0.24-150400.4.14.1 php8-enchant-8.0.24-150400.4.14.1 php8-enchant-debuginfo-8.0.24-150400.4.14.1 php8-exif-8.0.24-150400.4.14.1 php8-exif-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-8.0.24-150400.4.14.1 php8-fastcgi-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-debugsource-8.0.24-150400.4.14.1 php8-fileinfo-8.0.24-150400.4.14.1 php8-fileinfo-debuginfo-8.0.24-150400.4.14.1 php8-fpm-8.0.24-150400.4.14.1 php8-fpm-debuginfo-8.0.24-150400.4.14.1 php8-fpm-debugsource-8.0.24-150400.4.14.1 php8-ftp-8.0.24-150400.4.14.1 php8-ftp-debuginfo-8.0.24-150400.4.14.1 php8-gd-8.0.24-150400.4.14.1 php8-gd-debuginfo-8.0.24-150400.4.14.1 php8-gettext-8.0.24-150400.4.14.1 php8-gettext-debuginfo-8.0.24-150400.4.14.1 
php8-gmp-8.0.24-150400.4.14.1 php8-gmp-debuginfo-8.0.24-150400.4.14.1 php8-iconv-8.0.24-150400.4.14.1 php8-iconv-debuginfo-8.0.24-150400.4.14.1 php8-intl-8.0.24-150400.4.14.1 php8-intl-debuginfo-8.0.24-150400.4.14.1 php8-ldap-8.0.24-150400.4.14.1 php8-ldap-debuginfo-8.0.24-150400.4.14.1 php8-mbstring-8.0.24-150400.4.14.1 php8-mbstring-debuginfo-8.0.24-150400.4.14.1 php8-mysql-8.0.24-150400.4.14.1 php8-mysql-debuginfo-8.0.24-150400.4.14.1 php8-odbc-8.0.24-150400.4.14.1 php8-odbc-debuginfo-8.0.24-150400.4.14.1 php8-opcache-8.0.24-150400.4.14.1 php8-opcache-debuginfo-8.0.24-150400.4.14.1 php8-openssl-8.0.24-150400.4.14.1 php8-openssl-debuginfo-8.0.24-150400.4.14.1 php8-pcntl-8.0.24-150400.4.14.1 php8-pcntl-debuginfo-8.0.24-150400.4.14.1 php8-pdo-8.0.24-150400.4.14.1 php8-pdo-debuginfo-8.0.24-150400.4.14.1 php8-pgsql-8.0.24-150400.4.14.1 php8-pgsql-debuginfo-8.0.24-150400.4.14.1 php8-phar-8.0.24-150400.4.14.1 php8-phar-debuginfo-8.0.24-150400.4.14.1 php8-posix-8.0.24-150400.4.14.1 php8-posix-debuginfo-8.0.24-150400.4.14.1 php8-readline-8.0.24-150400.4.14.1 php8-readline-debuginfo-8.0.24-150400.4.14.1 php8-shmop-8.0.24-150400.4.14.1 php8-shmop-debuginfo-8.0.24-150400.4.14.1 php8-snmp-8.0.24-150400.4.14.1 php8-snmp-debuginfo-8.0.24-150400.4.14.1 php8-soap-8.0.24-150400.4.14.1 php8-soap-debuginfo-8.0.24-150400.4.14.1 php8-sockets-8.0.24-150400.4.14.1 php8-sockets-debuginfo-8.0.24-150400.4.14.1 php8-sodium-8.0.24-150400.4.14.1 php8-sodium-debuginfo-8.0.24-150400.4.14.1 php8-sqlite-8.0.24-150400.4.14.1 php8-sqlite-debuginfo-8.0.24-150400.4.14.1 php8-sysvmsg-8.0.24-150400.4.14.1 php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1 php8-sysvsem-8.0.24-150400.4.14.1 php8-sysvsem-debuginfo-8.0.24-150400.4.14.1 php8-sysvshm-8.0.24-150400.4.14.1 php8-sysvshm-debuginfo-8.0.24-150400.4.14.1 php8-test-8.0.24-150400.4.14.1 php8-tidy-8.0.24-150400.4.14.1 php8-tidy-debuginfo-8.0.24-150400.4.14.1 php8-tokenizer-8.0.24-150400.4.14.1 php8-tokenizer-debuginfo-8.0.24-150400.4.14.1 
php8-xmlreader-8.0.24-150400.4.14.1 php8-xmlreader-debuginfo-8.0.24-150400.4.14.1 php8-xmlwriter-8.0.24-150400.4.14.1 php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1 php8-xsl-8.0.24-150400.4.14.1 php8-xsl-debuginfo-8.0.24-150400.4.14.1 php8-zip-8.0.24-150400.4.14.1 php8-zip-debuginfo-8.0.24-150400.4.14.1 php8-zlib-8.0.24-150400.4.14.1 php8-zlib-debuginfo-8.0.24-150400.4.14.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.24-150400.4.14.1 apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1 apache2-mod_php8-debugsource-8.0.24-150400.4.14.1 php8-8.0.24-150400.4.14.1 php8-bcmath-8.0.24-150400.4.14.1 php8-bcmath-debuginfo-8.0.24-150400.4.14.1 php8-bz2-8.0.24-150400.4.14.1 php8-bz2-debuginfo-8.0.24-150400.4.14.1 php8-calendar-8.0.24-150400.4.14.1 php8-calendar-debuginfo-8.0.24-150400.4.14.1 php8-cli-8.0.24-150400.4.14.1 php8-cli-debuginfo-8.0.24-150400.4.14.1 php8-ctype-8.0.24-150400.4.14.1 php8-ctype-debuginfo-8.0.24-150400.4.14.1 php8-curl-8.0.24-150400.4.14.1 php8-curl-debuginfo-8.0.24-150400.4.14.1 php8-dba-8.0.24-150400.4.14.1 php8-dba-debuginfo-8.0.24-150400.4.14.1 php8-debuginfo-8.0.24-150400.4.14.1 php8-debugsource-8.0.24-150400.4.14.1 php8-devel-8.0.24-150400.4.14.1 php8-dom-8.0.24-150400.4.14.1 php8-dom-debuginfo-8.0.24-150400.4.14.1 php8-embed-8.0.24-150400.4.14.1 php8-embed-debuginfo-8.0.24-150400.4.14.1 php8-embed-debugsource-8.0.24-150400.4.14.1 php8-enchant-8.0.24-150400.4.14.1 php8-enchant-debuginfo-8.0.24-150400.4.14.1 php8-exif-8.0.24-150400.4.14.1 php8-exif-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-8.0.24-150400.4.14.1 php8-fastcgi-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-debugsource-8.0.24-150400.4.14.1 php8-fileinfo-8.0.24-150400.4.14.1 php8-fileinfo-debuginfo-8.0.24-150400.4.14.1 php8-fpm-8.0.24-150400.4.14.1 php8-fpm-debuginfo-8.0.24-150400.4.14.1 php8-fpm-debugsource-8.0.24-150400.4.14.1 php8-ftp-8.0.24-150400.4.14.1 php8-ftp-debuginfo-8.0.24-150400.4.14.1 php8-gd-8.0.24-150400.4.14.1 
php8-gd-debuginfo-8.0.24-150400.4.14.1 php8-gettext-8.0.24-150400.4.14.1 php8-gettext-debuginfo-8.0.24-150400.4.14.1 php8-gmp-8.0.24-150400.4.14.1 php8-gmp-debuginfo-8.0.24-150400.4.14.1 php8-iconv-8.0.24-150400.4.14.1 php8-iconv-debuginfo-8.0.24-150400.4.14.1 php8-intl-8.0.24-150400.4.14.1 php8-intl-debuginfo-8.0.24-150400.4.14.1 php8-ldap-8.0.24-150400.4.14.1 php8-ldap-debuginfo-8.0.24-150400.4.14.1 php8-mbstring-8.0.24-150400.4.14.1 php8-mbstring-debuginfo-8.0.24-150400.4.14.1 php8-mysql-8.0.24-150400.4.14.1 php8-mysql-debuginfo-8.0.24-150400.4.14.1 php8-odbc-8.0.24-150400.4.14.1 php8-odbc-debuginfo-8.0.24-150400.4.14.1 php8-opcache-8.0.24-150400.4.14.1 php8-opcache-debuginfo-8.0.24-150400.4.14.1 php8-openssl-8.0.24-150400.4.14.1 php8-openssl-debuginfo-8.0.24-150400.4.14.1 php8-pcntl-8.0.24-150400.4.14.1 php8-pcntl-debuginfo-8.0.24-150400.4.14.1 php8-pdo-8.0.24-150400.4.14.1 php8-pdo-debuginfo-8.0.24-150400.4.14.1 php8-pgsql-8.0.24-150400.4.14.1 php8-pgsql-debuginfo-8.0.24-150400.4.14.1 php8-phar-8.0.24-150400.4.14.1 php8-phar-debuginfo-8.0.24-150400.4.14.1 php8-posix-8.0.24-150400.4.14.1 php8-posix-debuginfo-8.0.24-150400.4.14.1 php8-readline-8.0.24-150400.4.14.1 php8-readline-debuginfo-8.0.24-150400.4.14.1 php8-shmop-8.0.24-150400.4.14.1 php8-shmop-debuginfo-8.0.24-150400.4.14.1 php8-snmp-8.0.24-150400.4.14.1 php8-snmp-debuginfo-8.0.24-150400.4.14.1 php8-soap-8.0.24-150400.4.14.1 php8-soap-debuginfo-8.0.24-150400.4.14.1 php8-sockets-8.0.24-150400.4.14.1 php8-sockets-debuginfo-8.0.24-150400.4.14.1 php8-sodium-8.0.24-150400.4.14.1 php8-sodium-debuginfo-8.0.24-150400.4.14.1 php8-sqlite-8.0.24-150400.4.14.1 php8-sqlite-debuginfo-8.0.24-150400.4.14.1 php8-sysvmsg-8.0.24-150400.4.14.1 php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1 php8-sysvsem-8.0.24-150400.4.14.1 php8-sysvsem-debuginfo-8.0.24-150400.4.14.1 php8-sysvshm-8.0.24-150400.4.14.1 php8-sysvshm-debuginfo-8.0.24-150400.4.14.1 php8-test-8.0.24-150400.4.14.1 php8-tidy-8.0.24-150400.4.14.1 
php8-tidy-debuginfo-8.0.24-150400.4.14.1 php8-tokenizer-8.0.24-150400.4.14.1 php8-tokenizer-debuginfo-8.0.24-150400.4.14.1 php8-xmlreader-8.0.24-150400.4.14.1 php8-xmlreader-debuginfo-8.0.24-150400.4.14.1 php8-xmlwriter-8.0.24-150400.4.14.1 php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1 php8-xsl-8.0.24-150400.4.14.1 php8-xsl-debuginfo-8.0.24-150400.4.14.1 php8-zip-8.0.24-150400.4.14.1 php8-zip-debuginfo-8.0.24-150400.4.14.1 php8-zlib-8.0.24-150400.4.14.1 php8-zlib-debuginfo-8.0.24-150400.4.14.1 References: https://www.suse.com/security/cve/CVE-2021-21703.html https://www.suse.com/security/cve/CVE-2022-31628.html https://www.suse.com/security/cve/CVE-2022-31629.html https://bugzilla.suse.com/1192050 https://bugzilla.suse.com/1200772 https://bugzilla.suse.com/1203867 https://bugzilla.suse.com/1203870 From sle-updates at lists.suse.com Wed Oct 19 16:23:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:23:29 +0200 (CEST) Subject: SUSE-SU-2022:3660-1: moderate: Security update for qemu Message-ID: <20221019162329.446CCFD2F@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3660-1 Rating: moderate References: #1192115 #1198038 #1201367 Cross-References: CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE 
Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3660=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3660=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3660=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3660=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3660=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3660=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): qemu-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - openSUSE Leap Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - openSUSE Leap Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - openSUSE Leap Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.118.3 qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 qemu-audio-alsa-5.2.0-150300.118.3 qemu-audio-alsa-debuginfo-5.2.0-150300.118.3 qemu-audio-pa-5.2.0-150300.118.3 qemu-audio-pa-debuginfo-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-block-curl-5.2.0-150300.118.3 qemu-block-curl-debuginfo-5.2.0-150300.118.3 qemu-block-dmg-5.2.0-150300.118.3 qemu-block-dmg-debuginfo-5.2.0-150300.118.3 qemu-block-gluster-5.2.0-150300.118.3 qemu-block-gluster-debuginfo-5.2.0-150300.118.3 qemu-block-iscsi-5.2.0-150300.118.3 qemu-block-iscsi-debuginfo-5.2.0-150300.118.3 qemu-block-nfs-5.2.0-150300.118.3 qemu-block-nfs-debuginfo-5.2.0-150300.118.3 qemu-block-rbd-5.2.0-150300.118.3 qemu-block-rbd-debuginfo-5.2.0-150300.118.3 qemu-block-ssh-5.2.0-150300.118.3 qemu-block-ssh-debuginfo-5.2.0-150300.118.3 qemu-chardev-baum-5.2.0-150300.118.3 qemu-chardev-baum-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 
qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-extra-5.2.0-150300.118.3 qemu-extra-debuginfo-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-smartcard-5.2.0-150300.118.3 qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.118.3 qemu-ivshmem-tools-5.2.0-150300.118.3 qemu-ivshmem-tools-debuginfo-5.2.0-150300.118.3 qemu-ksm-5.2.0-150300.118.3 qemu-lang-5.2.0-150300.118.3 qemu-linux-user-5.2.0-150300.118.2 qemu-linux-user-debuginfo-5.2.0-150300.118.2 qemu-linux-user-debugsource-5.2.0-150300.118.2 qemu-ppc-5.2.0-150300.118.3 qemu-ppc-debuginfo-5.2.0-150300.118.3 qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 qemu-testsuite-5.2.0-150300.118.5 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-curses-5.2.0-150300.118.3 qemu-ui-curses-debuginfo-5.2.0-150300.118.3 qemu-ui-gtk-5.2.0-150300.118.3 qemu-ui-gtk-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-app-5.2.0-150300.118.3 qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 qemu-vhost-user-gpu-5.2.0-150300.118.3 qemu-vhost-user-gpu-debuginfo-5.2.0-150300.118.3 qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - openSUSE Leap 15.3 
(s390x x86_64): qemu-kvm-5.2.0-150300.118.3 - openSUSE Leap 15.3 (noarch): qemu-SLOF-5.2.0-150300.118.3 qemu-ipxe-1.0.0+-150300.118.3 qemu-microvm-5.2.0-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-skiboot-5.2.0-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.118.3 qemu-block-curl-5.2.0-150300.118.3 qemu-block-curl-debuginfo-5.2.0-150300.118.3 qemu-block-iscsi-5.2.0-150300.118.3 qemu-block-iscsi-debuginfo-5.2.0-150300.118.3 qemu-block-rbd-5.2.0-150300.118.3 qemu-block-rbd-debuginfo-5.2.0-150300.118.3 qemu-block-ssh-5.2.0-150300.118.3 qemu-block-ssh-debuginfo-5.2.0-150300.118.3 qemu-chardev-baum-5.2.0-150300.118.3 qemu-chardev-baum-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-ksm-5.2.0-150300.118.3 qemu-lang-5.2.0-150300.118.3 qemu-ui-curses-5.2.0-150300.118.3 qemu-ui-curses-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64): qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-ui-gtk-5.2.0-150300.118.3 qemu-ui-gtk-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-app-5.2.0-150300.118.3 qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - SUSE Linux 
Enterprise Module for Server Applications 15-SP3 (s390x x86_64): qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3 qemu-kvm-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le): qemu-ppc-5.2.0-150300.118.3 qemu-ppc-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): qemu-SLOF-5.2.0-150300.118.3 qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-skiboot-5.2.0-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): qemu-audio-alsa-5.2.0-150300.118.3 qemu-audio-alsa-debuginfo-5.2.0-150300.118.3 qemu-audio-pa-5.2.0-150300.118.3 qemu-audio-pa-debuginfo-5.2.0-150300.118.3 qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x): qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3 qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): qemu-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 
qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (s390x): qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): qemu-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (s390x): qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 References: https://www.suse.com/security/cve/CVE-2022-0216.html 
https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1192115 https://bugzilla.suse.com/1198038 https://bugzilla.suse.com/1201367 From sle-updates at lists.suse.com Wed Oct 19 16:24:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:24:34 +0200 (CEST) Subject: SUSE-SU-2022:3657-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Message-ID: <20221019162434.76A84FD2F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3657-1 Rating: important References: #1203067 #1203624 #1203994 #1204290 #1204291 #1204292 Cross-References: CVE-2022-39189 CVE-2022-41222 CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for 
SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). - CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). - CVE-2022-41222: Fixed a use-after-free via a stale TLB (bsc#1203624). - CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3657=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_54-default-13-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203624 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 From sle-updates at lists.suse.com Wed Oct 19 16:25:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:25:46 +0200 (CEST) Subject: SUSE-SU-2022:3655-1: important: Security update for buildah Message-ID: <20221019162546.A3269FD2F@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3655-1 Rating: important References: #1167864 #1181961 #1202812 Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 CVSS scores: CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux 
Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for buildah fixes the following issues: Buildah was updated to version 1.27.1: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3655=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3655=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150400.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150400.3.8.1 References: https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2021-20206.html https://www.suse.com/security/cve/CVE-2022-2990.html https://bugzilla.suse.com/1167864 https://bugzilla.suse.com/1181961 https://bugzilla.suse.com/1202812 From sle-updates at lists.suse.com Wed Oct 19 16:26:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Oct 2022 18:26:44 +0200 (CEST) Subject: SUSE-SU-2022:3656-1: important: Security update for nodejs16 Message-ID: 
<20221019162644.55A0DFD2F@maintenance.suse.de> SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3656-1 Rating: important References: #1201325 #1201327 #1203831 #1203832 Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3656=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3656=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack16-16.17.1-150400.3.9.1 nodejs16-16.17.1-150400.3.9.1 nodejs16-debuginfo-16.17.1-150400.3.9.1 nodejs16-debugsource-16.17.1-150400.3.9.1 nodejs16-devel-16.17.1-150400.3.9.1 npm16-16.17.1-150400.3.9.1 - openSUSE Leap 15.4 (noarch): nodejs16-docs-16.17.1-150400.3.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs16-16.17.1-150400.3.9.1 nodejs16-debuginfo-16.17.1-150400.3.9.1 nodejs16-debugsource-16.17.1-150400.3.9.1 nodejs16-devel-16.17.1-150400.3.9.1 npm16-16.17.1-150400.3.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs16-docs-16.17.1-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832 From sle-updates at lists.suse.com Wed Oct 19 22:21:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 00:21:42 +0200 (CEST) Subject: SUSE-SU-2022:3665-1: important: Security update for xen Message-ID: <20221019222142.14EADFBAE@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3665-1 Rating: important References: #1027519 #1167608 #1185104 #1197081 #1200762 #1201394 #1201631 #1203806 #1203807 Cross-References: CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 
CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVSS scores: CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33745 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. 
Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3665=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3665=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3665=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3665=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3665=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3665=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_06-150300.3.35.1 xen-debugsource-4.14.5_06-150300.3.35.1 xen-devel-4.14.5_06-150300.3.35.1 xen-doc-html-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 xen-tools-4.14.5_06-150300.3.35.1 xen-tools-debuginfo-4.14.5_06-150300.3.35.1 xen-tools-domU-4.14.5_06-150300.3.35.1 xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_06-150300.3.35.1 xen-libs-32bit-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_06-150300.3.35.1 xen-debugsource-4.14.5_06-150300.3.35.1 xen-devel-4.14.5_06-150300.3.35.1 xen-tools-4.14.5_06-150300.3.35.1 xen-tools-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 
xen-tools-domU-4.14.5_06-150300.3.35.1 xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33745.html https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1167608 https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1197081 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201394 https://bugzilla.suse.com/1201631 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 From sle-updates at lists.suse.com Wed Oct 19 22:23:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 00:23:12 +0200 (CEST) Subject: SUSE-RU-2022:3664-1: moderate: Recommended update for qmlpluginexports Message-ID: <20221019222312.2356AFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for qmlpluginexports ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3664-1 Rating: moderate References: #1201268 PED-1898 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager 
Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update of qmlpluginexports ships the missing qmlpluginexports-qt5 package. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3664=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3664=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): qmlpluginexports-qt5-1.0-150400.3.2.1 qmlpluginexports-qt5-debuginfo-1.0-150400.3.2.1 qmlpluginexports-qt5-debugsource-1.0-150400.3.2.1 qmlpluginexports-qt6-1.0-150400.3.2.1 qmlpluginexports-qt6-debuginfo-1.0-150400.3.2.1 qmlpluginexports-qt6-debugsource-1.0-150400.3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): qmlpluginexports-qt5-1.0-150400.3.2.1 References: https://bugzilla.suse.com/1201268 From sle-updates at lists.suse.com Wed Oct 19 22:23:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 00:23:56 +0200 (CEST) Subject: SUSE-RU-2022:3663-1: moderate: Recommended update for openssl-1_1 Message-ID: <20221019222356.A5D3BFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3663-1 Rating: moderate References: #1121365 #1180995 #1190651 #1190653 #1190888 #1193859 #1198471 #1198472 #1201293 #1202148 #1203046 #1203069 SLE-24941 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 
SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 12 recommended fixes and contains one feature can now be installed. Description: This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3663=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3663=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3663=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.10.5 libopenssl1_1-1.1.1l-150400.7.10.5 libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5 libopenssl1_1-hmac-1.1.1l-150400.7.10.5 openssl-1_1-1.1.1l-150400.7.10.5 openssl-1_1-debuginfo-1.1.1l-150400.7.10.5 openssl-1_1-debugsource-1.1.1l-150400.7.10.5 - openSUSE Leap 15.4 (noarch): openssl-1_1-doc-1.1.1l-150400.7.10.5 - openSUSE Leap 15.4 (x86_64): libopenssl-1_1-devel-32bit-1.1.1l-150400.7.10.5 libopenssl1_1-32bit-1.1.1l-150400.7.10.5 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.10.5 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.10.5 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.10.5 libopenssl1_1-1.1.1l-150400.7.10.5 libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5 libopenssl1_1-hmac-1.1.1l-150400.7.10.5 openssl-1_1-1.1.1l-150400.7.10.5 openssl-1_1-debuginfo-1.1.1l-150400.7.10.5 openssl-1_1-debugsource-1.1.1l-150400.7.10.5 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libopenssl1_1-32bit-1.1.1l-150400.7.10.5 libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.10.5 libopenssl1_1-hmac-32bit-1.1.1l-150400.7.10.5 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1l-150400.7.10.5 libopenssl1_1-1.1.1l-150400.7.10.5 libopenssl1_1-debuginfo-1.1.1l-150400.7.10.5 libopenssl1_1-hmac-1.1.1l-150400.7.10.5 openssl-1_1-1.1.1l-150400.7.10.5 openssl-1_1-debuginfo-1.1.1l-150400.7.10.5 openssl-1_1-debugsource-1.1.1l-150400.7.10.5 References: https://bugzilla.suse.com/1121365 https://bugzilla.suse.com/1180995 https://bugzilla.suse.com/1190651 
https://bugzilla.suse.com/1190653 https://bugzilla.suse.com/1190888 https://bugzilla.suse.com/1193859 https://bugzilla.suse.com/1198471 https://bugzilla.suse.com/1198472 https://bugzilla.suse.com/1201293 https://bugzilla.suse.com/1202148 https://bugzilla.suse.com/1203046 https://bugzilla.suse.com/1203069 From sle-updates at lists.suse.com Wed Oct 19 22:25:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 00:25:50 +0200 (CEST) Subject: SUSE-SU-2022:3666-1: important: Security update for helm Message-ID: <20221019222550.78456FBAE@maintenance.suse.de> SUSE Security Update: Security update for helm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3666-1 Rating: important References: #1200528 #1203054 Cross-References: CVE-2022-1996 CVE-2022-36055 CVSS scores: CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-36055 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36055 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 
______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for helm fixes the following issues: helm was updated to version 3.9.4: * CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054). * Updating the certificates used for testing * Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528). * Fix missing array length check on release helm was updated to version 3.9.2: * Update of the circleci image helm was updated to version 3.9.1: * Update to support Kubernetes 1.24.2 * Improve logging and safety of statefulSetReady * Make token caching an opt-in feature * Bump github.com/lib/pq from 1.10.5 to 1.10.6 * Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3 helm was updated to version 3.9.0: * Added a --quiet flag to helm lint * Added a --post-renderer-args flag to support arguments being passed to the post renderer * Added more checks during the signing process * Updated to add Kubernetes 1.24 support helm was updated to version 3.8.2: * Bump oras.land/oras-go from 1.1.0 to 1.1.1 * Fixing downloader plugin error handling * Simplify testdata charts * Simplify testdata charts * Add tests for multi-level dependencies. 
* Fix value precedence * Bumping Kubernetes package versions * Updating vcs to latest version * Dont modify provided transport * Pass http getter as pointer in tests * Add docs block * Add transport option and tests * Reuse http transport * Updating Kubernetes libs to 0.23.4 (latest) * fix: remove deadcode * fix: helm package tests * fix: helm package with dependency update for charts with OCI dependencies * Fix typo Unset the env var before func return in Unit Test * add legal name check * maint: fix syntax error in deploy.sh * linting issue fixed * only apply overwrite if version is canary * overwrite flag added to az storage blob upload-batch * Avoid querying for OCI tags can explicit version provided in chart dependencies * Management of bearer tokens for tag listing * Updating Kubernetes packages to 1.23.3 * refactor: use `os.ReadDir` for lightweight directory reading * Add IngressClass to manifests to be (un)installed * feat(comp): Shell completion for OCI * Fix install memory/goroutine leak Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3666=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3666=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3666=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3666=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3666=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - openSUSE Leap 15.4 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-fish-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - openSUSE Leap 15.3 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): helm-fish-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): helm-fish-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): 
helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 References: https://www.suse.com/security/cve/CVE-2022-1996.html https://www.suse.com/security/cve/CVE-2022-36055.html https://bugzilla.suse.com/1200528 https://bugzilla.suse.com/1203054 From sle-updates at lists.suse.com Thu Oct 20 01:20:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 03:20:06 +0200 (CEST) Subject: SUSE-SU-2022:3669-1: important: Security update for go1.19 Message-ID: <20221020012006.C615FFBA8@maintenance.suse.de> SUSE Security Update: Security update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3669-1 Rating: important References: #1200441 #1204023 #1204024 #1204025 Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVSS scores: CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE 
Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.19 fixes the following issues: Updated to version 1.19.2 (bsc#1200441): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3669=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3669=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3669=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3669=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 
go1.19-doc-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 References: https://www.suse.com/security/cve/CVE-2022-2879.html https://www.suse.com/security/cve/CVE-2022-2880.html https://www.suse.com/security/cve/CVE-2022-41715.html https://bugzilla.suse.com/1200441 https://bugzilla.suse.com/1204023 https://bugzilla.suse.com/1204024 https://bugzilla.suse.com/1204025 From sle-updates at lists.suse.com Thu Oct 20 01:21:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 03:21:08 +0200 (CEST) Subject: SUSE-SU-2022:3668-1: important: Security update for go1.18 Message-ID: <20221020012108.D8421FBA8@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3668-1 Rating: important References: #1193742 #1204023 #1204024 #1204025 Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVSS scores: CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE 
Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.18 fixes the following issues: Updated to version 1.18.7 (bsc#1193742): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3668=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3668=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 
x86_64): go1.18-race-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 References: https://www.suse.com/security/cve/CVE-2022-2879.html https://www.suse.com/security/cve/CVE-2022-2880.html https://www.suse.com/security/cve/CVE-2022-41715.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1204023 https://bugzilla.suse.com/1204024 https://bugzilla.suse.com/1204025 From sle-updates at lists.suse.com Thu Oct 20 01:22:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 03:22:10 +0200 (CEST) Subject: SUSE-SU-2022:3667-1: moderate: Security update for clone-master-clean-up Message-ID: <20221020012210.636B5FBA8@maintenance.suse.de> SUSE Security Update: Security update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3667-1 Rating: moderate References: #1181050 #1203651 Cross-References: CVE-2021-32000 CVSS scores: CVE-2021-32000 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-32000 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 
15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots (bsc#1203651). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3667=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3667=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3667=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3667=1 Package List: - openSUSE Leap 15.4 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - openSUSE Leap 15.3 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): clone-master-clean-up-1.8-150100.3.14.1 References: https://www.suse.com/security/cve/CVE-2021-32000.html https://bugzilla.suse.com/1181050 https://bugzilla.suse.com/1203651 From sle-updates at lists.suse.com Thu Oct 20 07:02:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 09:02:25 +0200 (CEST) Subject: SUSE-IU-2022:1108-1: Security update of suse-sles-15-sp4-chost-byos-v20221018-x86_64-gen2 Message-ID: <20221020070225.E5EA8FBA8@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221018-x86_64-gen2 
----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1108-1 Image Tags : suse-sles-15-sp4-chost-byos-v20221018-x86_64-gen2:20221018 Image Release : Severity : critical Type : security References : 1181994 1182983 1188006 1189282 1190700 1191020 1198197 1198523 1198828 1198976 1199079 1199492 1201942 1201972 1202117 1202624 1202821 1202868 1203438 1203649 CVE-2021-28861 CVE-2022-29869 CVE-2022-40674 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221018-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - 
Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3449-1 Released: Tue Sep 27 20:12:03 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1198197,1198828 This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. 
(bsc#1198197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3520-1 Released: Tue Oct 4 14:18:34 2022 Summary: Feature update for dmidecode Type: feature Severity: moderate References: This feature update for dmidecode fixes the following issues: Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411): - Add bios-revision, firmware-revision and system-sku-number to `-s` option - Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240 - Decode system slot base bus width and peers - Document how the UUID fields are interpreted - Don't display the raw CPU ID in quiet mode - Don't use memcpy on /dev/mem on arm64 - Fix OEM vendor name matching - Fix small typo in NEWS file - Improve the formatting of the manual pages - Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases - Skip details of uninstalled memory modules - Support for SMBIOS 3.4.0. 
This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristic and new format of Processor ID - Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information) - Use the most appropriate unit for cache size ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3525-1 Released: Wed Oct 5 12:17:14 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - cifs-utils-6.15-150400.3.9.1 updated - dmidecode-3.4-150400.16.3.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - libdevmapper1_03-1.02.163-150400.178.1 updated - libexpat1-2.4.4-150400.3.9.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libzck1-1.1.16-150400.1.10 added - libzypp-17.31.2-150400.3.9.1 updated - perl-Bootloader-0.939-150400.3.3.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - runc-1.1.4-150000.33.4 updated - 
zypper-1.14.57-150400.3.9.1 updated - klogd-1.4.1-11.2 removed From sle-updates at lists.suse.com Thu Oct 20 07:03:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 09:03:15 +0200 (CEST) Subject: SUSE-IU-2022:1109-1: Security update of suse-sles-15-sp4-chost-byos-v20221018-hvm-ssd-x86_64 Message-ID: <20221020070315.634A6FBA8@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221018-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1109-1 Image Tags : suse-sles-15-sp4-chost-byos-v20221018-hvm-ssd-x86_64:20221018 Image Release : Severity : critical Type : security References : 1181994 1182983 1188006 1189282 1190700 1191020 1198197 1198523 1198828 1198976 1199079 1199492 1201942 1201972 1202117 1202624 1202821 1202868 1203438 1203649 CVE-2021-28861 CVE-2022-29869 CVE-2022-40674 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221018-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public 
Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3449-1 Released: Tue Sep 27 20:12:03 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1198197,1198828 This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. (bsc#1198197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3520-1 Released: Tue Oct 4 14:18:34 2022 Summary: Feature update for dmidecode Type: feature Severity: moderate References: This feature update for dmidecode fixes the following issues: Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411): - Add bios-revision, firmware-revision and system-sku-number to `-s` option - Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240 - Decode system slot base bus width and peers - Document how the UUID fields are interpreted - Don't display the raw CPU ID in quiet mode - Don't use memcpy on /dev/mem on arm64 - Fix OEM vendor name matching - Fix small typo in NEWS file - Improve the formatting of the manual pages - Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases - Skip details of uninstalled memory modules - Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristic and new format of Processor ID - Support for SMBIOS 3.5.0. 
This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information) - Use the most appropriate unit for cache size ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3525-1 Released: Wed Oct 5 12:17:14 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory 
'/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - cifs-utils-6.15-150400.3.9.1 updated - dmidecode-3.4-150400.16.3.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - libdevmapper1_03-1.02.163-150400.178.1 updated - libexpat1-2.4.4-150400.3.9.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libzck1-1.1.16-150400.1.10 added - libzypp-17.31.2-150400.3.9.1 updated - perl-Bootloader-0.939-150400.3.3.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - runc-1.1.4-150000.33.4 updated - zypper-1.14.57-150400.3.9.1 updated - klogd-1.4.1-11.2 removed From sle-updates at lists.suse.com Thu Oct 20 07:03:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 09:03:48 +0200 (CEST) Subject: SUSE-IU-2022:1110-1: Security update of sles-15-sp4-chost-byos-v20221018-x86-64 Message-ID: <20221020070348.43510FBA8@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20221018-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1110-1 Image Tags : sles-15-sp4-chost-byos-v20221018-x86-64:20221018 Image Release : Severity : critical Type : security References : 1023051 1032323 1047178 1065729 1142847 1150130 1156395 1157805 1164550 1164569 1177179 1181475 1181994 1182983 1185882 1188006 1189282 1189802 1190497 1190698 1190698 1190700 1191020 1191021 1191036 1194319 1194557 1194592 1194869 1194904 1195059 1195391 1195480 1195773 1195917 1196616 1197158 1197178 1197391 1197755 1197756 1197757 1197763 1198197 1198341 1198405 1198410 1198523 1198709 1198731 1198752 1198823 1198828 1198830 1198832 1198971 1198976 1198979 1199079 1199086 1199093 1199140 1199283 
1199364 1199492 1199524 1199670 1199895 1200102 1200270 1200313 1200431 1200465 1200485 1200544 1200570 1200697 1200698 1200700 1200701 1200732 1200800 1200845 1200868 1200869 1200870 1200871 1200872 1200873 1200884 1200902 1200903 1200904 1200975 1200993 1201019 1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201308 1201356 1201359 1201363 1201427 1201442 1201455 1201489 1201511 1201519 1201576 1201610 1201620 1201638 1201675 1201680 1201725 1201768 1201783 1201795 1201863 1201940 1201942 1201956 1201958 1201972 1201975 1202011 1202020 1202046 1202049 1202050 1202051 1202096 1202097 1202100 1202101 1202113 1202117 1202131 1202146 1202154 1202175 1202262 1202265 1202310 1202312 1202346 1202347 1202385 1202393 1202414 1202420 1202421 1202447 1202471 1202511 1202512 1202515 1202552 1202558 1202564 1202593 1202599 1202623 1202624 1202636 1202672 1202681 1202687 1202689 1202710 1202711 1202712 1202713 1202715 1202716 1202757 1202758 1202759 1202761 1202762 1202763 1202764 1202765 1202766 1202767 1202768 1202769 1202770 1202771 1202773 1202774 1202775 1202776 1202778 1202779 1202780 1202781 1202782 1202783 1202803 1202821 1202822 1202823 1202824 1202826 1202860 1202862 1202867 1202868 1202870 1202874 1202898 1202976 1203018 1203036 1203041 1203063 1203107 1203117 1203138 1203139 1203159 1203438 1203649 CVE-2016-3695 CVE-2017-6512 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 CVE-2020-36516 CVE-2021-28861 CVE-2021-33135 CVE-2021-36690 CVE-2021-4037 CVE-2021-46828 CVE-2022-1615 CVE-2022-1706 CVE-2022-1720 CVE-2022-1968 CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-24795 
CVE-2022-2509 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-2639 CVE-2022-2663 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-28356 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-28693 CVE-2022-2873 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905 CVE-2022-2923 CVE-2022-2938 CVE-2022-2946 CVE-2022-2959 CVE-2022-2977 CVE-2022-29869 CVE-2022-3016 CVE-2022-3028 CVE-2022-3078 CVE-2022-31252 CVE-2022-32250 CVE-2022-32743 CVE-2022-35252 CVE-2022-35737 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188 CVE-2022-39190 CVE-2022-40674 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20221018-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2919-1 Released: Fri Aug 26 15:04:20 2022 Summary: Security update for gnutls Type: security Severity: important References: 1190698,1198979,1202020,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). 
Non-security fixes:

- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
-
pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2925-1
Released: Mon Aug 29 03:16:48 2022
Summary: Recommended update for audit-secondary
Type: recommended
Severity: important
References: 1201519

This update for audit-secondary fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released: Thu Sep 1 11:37:02 2022
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1198709,1201975

This update for dracut fixes the following issues:

- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3009-1
Released: Mon Sep 5 04:49:43 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283

This update for rsyslog fixes the following issues:

- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011

This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3161-1
Released: Wed Sep 7 14:40:54 2022
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1200975

This update for hwinfo fixes the following issue:

- improve treatment of NVME devices (bsc#1200975)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795

This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3209-1
Released: Thu Sep 8 13:10:13 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570

This update for open-iscsi fixes the following issues:

- Set the systemd unit files as non executable. (bsc#1200570)
- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to vendor-specific `/usr/etc/logrotate.d`

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093

This update for sysconfig fixes the following issues:

- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
  With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead only from NetworkManager, where plugins/services have to deliver their settings to apply them.
- Also support service(network) provides

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released: Fri Sep 9 04:30:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References:
1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511

This update for cups fixes the following issues:

- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3244-1
Released: Mon Sep 12 09:00:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743

This update for samba fixes the following issues:

- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).

Bugfixes:

- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406

This update for freetype2 fixes the following issues:

- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).

Non-security fixes:

- Updated to version 2.10.4

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3293-1
Released: Fri Sep 16 17:30:01 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).

The following non-security bugs were fixed:

- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proper GPIO consumer header (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). 
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). 
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). 
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes). - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). 
- ax25: Fix ax25 session cleanup problems (git-fixes). - bitfield.h: Fix 'type of reg too small for mask' test (git-fixes). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). 
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). 
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - device property: Check fwnode->secondary when finding properties (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). 
- dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). 
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). 
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). 
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). 
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). 
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). 
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). 
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). 
- interconnect: imx: fix max_node_id (git-fixes). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). 
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). 
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). 
- iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). 
- iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). 
- iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). 
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). 
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). 
- iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). 
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kcm: fix strp_init() order and cleanup (git-fixes). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). 
- kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around 'landlock-ruleset' (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). 
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). 
- mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be always used with @SOURCES@, just include the content there. - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). 
- mtd: dataflash: Add SPI ID table (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - net: asix: fix 'can't send until first packet is send' issue (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). 
- net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). 
- net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). 
- nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). 
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- openvswitch: always update flow key after nat (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
- sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes).
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes).
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: do not check memref size on return from Secure World (git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
- tty: n_gsm: Save dlci address open status when config requester (git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: add back sanity check (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). 
- usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). 
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). 
- vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). 
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - xen/gntdev: fix unmap notification order (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). 
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). 
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3316-1 Released: Tue Sep 20 11:12:14 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1190698,1191021,1202146 This update for gnutls fixes the following issues: - FIPS: Zeroize the calculated hmac and new_hmac in the check_binary_integrity() function. [bsc#1191021] - FIPS: Additional modifications to the SLI. [bsc#1190698] * Mark CMAC and GMAC as non-approved in gnutls_pbkdf2(). * Mark HMAC keylength less than 112 bits as non-approved in gnutls_pbkdf2(). - FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941] * Add new dependency on jitterentropy ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3327-1 Released: Wed Sep 21 12:47:17 2022 Summary: Security update for oniguruma Type: security Severity: important References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3388-1 Released: Mon Sep 26 12:51:36 2022 Summary: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: moderate References: 1191036,1194319,1195391,1202100,1202101,1202826 This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent fixes the following issues: - Update to version 20220713.00 (bsc#1202100, bsc#1202101) - Use pam_moduledir (bsc#1191036) - Use install command in %post section to create state file (bsc#1202826) - Avoid bashism in post install scripts (bsc#1195391) - Don't restart daemon on package upgrade, create a state file instead (bsc#1194319) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly 
Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. 
When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3449-1 Released: Tue Sep 27 20:12:03 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1198197,1198828 This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. (bsc#1198197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3520-1 Released: Tue Oct 4 14:18:34 2022 Summary: Feature update for dmidecode Type: feature Severity: moderate References: This feature update for dmidecode fixes the following issues: Update dmidecode from version 3.2 to version 3.4 (jsc#SLE-24502, jsc#SLE-24591, jsc#PED-411): - Add bios-revision, firmware-revision and system-sku-number to `-s` option - Decode HPE OEM records 194, 199, 203, 236, 237, 238 and 240 - Decode system slot base bus width and peers - Document how the UUID fields are interpreted - Don't display the raw CPU ID in quiet mode - Don't use memcpy on /dev/mem on arm64 - Fix OEM vendor name matching - Fix small typo in NEWS file - Improve the formatting of the manual pages - Present HPE type 240 attributes as a proper list instead of packing them on a single line. This makes it more readable overall, and will also scale better if the number of attributes increases - Skip details of uninstalled memory modules - Support for SMBIOS 3.4.0. This includes new memory device types, new processor upgrades, new slot types and characteristics, decoding of memory module extended speed, new system slot types, new processor characteristic and new format of Processor ID - Support for SMBIOS 3.5.0. 
This includes new processor upgrades, BIOS characteristics, new slot characteristics, new on-board device types, new pointing device interface types, and a new record type (type 45 - Firmware Inventory Information) - Use the most appropriate unit for cache size ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3525-1 Released: Wed Oct 5 12:17:14 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory 
'/usr/etc/logrotate.d' if so defined The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - audit-3.0.6-150400.4.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - cifs-utils-6.15-150400.3.9.1 updated - cups-config-2.2.7-150000.3.35.1 updated - curl-7.79.1-150400.5.6.1 updated - dmidecode-3.4-150400.16.3.1 updated - dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated - dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated - elfutils-0.185-150400.5.3.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - google-guest-agent-20220713.00-150000.1.29.1 updated - google-guest-oslogin-20220721.00-150000.1.30.1 updated - google-osconfig-agent-20220801.00-150000.1.22.1 updated - hwinfo-21.83-150400.3.6.1 updated - kernel-default-5.14.21-150400.24.21.2 updated - libasm1-0.185-150400.5.3.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libblkid1-2.37.2-150400.8.3.1 updated - libcups2-2.2.7-150000.3.35.1 updated - libcurl4-7.79.1-150400.5.6.1 updated - libdevmapper1_03-1.02.163-150400.178.1 updated - libdw1-0.185-150400.5.3.1 updated - libelf1-0.185-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.9.1 updated - libfdisk1-2.37.2-150400.8.3.1 updated - libfreetype6-2.10.4-150000.4.12.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgnutls30-3.7.3-150400.4.13.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.3.1 updated - libonig4-6.7.0-150000.3.3.1 updated - libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated - libprocps7-3.3.15-150000.7.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsmartcols1-2.37.2-150400.8.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - 
libsystemd0-249.12-150400.8.10.1 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libudev1-249.12-150400.8.10.1 updated - libuuid1-2.37.2-150400.8.3.1 updated - libyajl2-2.1.0-150000.4.3.1 updated - libz1-1.2.11-150000.3.33.1 updated - libzck1-1.1.16-150400.1.10 added - libzypp-17.31.2-150400.3.9.1 updated - open-iscsi-2.1.7-150400.39.8.1 updated - perl-Bootloader-0.939-150400.3.3.1 updated - perl-base-5.26.1-150300.17.11.1 updated - perl-5.26.1-150300.17.11.1 updated - permissions-20201225-150400.5.11.1 updated - procps-3.3.15-150000.7.25.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - rsyslog-8.2106.0-150400.5.6.1 updated - runc-1.1.4-150000.33.4 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1 updated - sysconfig-netconfig-0.85.9-150200.12.1 updated - sysconfig-0.85.9-150200.12.1 updated - system-group-audit-3.0.6-150400.4.3.1 updated - systemd-presets-common-SUSE-15-150100.8.17.1 updated - systemd-sysvinit-249.12-150400.8.10.1 updated - systemd-249.12-150400.8.10.1 updated - timezone-2022a-150000.75.10.1 updated - udev-249.12-150400.8.10.1 updated - util-linux-systemd-2.37.2-150400.8.3.1 updated - util-linux-2.37.2-150400.8.3.1 updated - vim-data-common-9.0.0313-150000.5.25.1 updated - vim-9.0.0313-150000.5.25.1 updated - zypper-1.14.57-150400.3.9.1 updated - klogd-1.4.1-11.2 removed From sle-updates at lists.suse.com Thu Oct 20 07:33:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 09:33:01 +0200 (CEST) Subject: SUSE-CU-2022:2603-1: Security update of bci/nodejs Message-ID: <20221020073301.A890CFBA8@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2603-1 Container Tags : bci/node:12 , bci/node:12-17.11 , bci/nodejs:12 , bci/nodejs:12-17.11 
Container Release : 17.11 Severity : moderate Type : security References : 1201325 1203832 CVE-2022-32213 CVE-2022-35256 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3616-1 Released: Tue Oct 18 13:06:11 2022 Summary: Security update for nodejs12 Type: security Severity: moderate References: 1201325,1203832,CVE-2022-32213,CVE-2022-35256 This update for nodejs12 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). The following package changes have been done: - nodejs12-12.22.12-150200.4.38.1 updated - npm12-12.22.12-150200.4.38.1 updated From sle-updates at lists.suse.com Thu Oct 20 13:20:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 15:20:00 +0200 (CEST) Subject: SUSE-SU-2022:3673-1: moderate: Security update for jasper Message-ID: <20221020132000.E04DAFBAE@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3673-1 Rating: moderate References: #1202642 Cross-References: CVE-2022-2963 CVSS scores: CVE-2022-2963 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2963 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux 
Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3673=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3673=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3673=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3673=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3673=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3673=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-150000.3.28.1 jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper-devel-2.0.14-150000.3.28.1 libjasper4-2.0.14-150000.3.28.1 libjasper4-debuginfo-2.0.14-150000.3.28.1 - openSUSE Leap 15.4 (x86_64): libjasper4-32bit-2.0.14-150000.3.28.1 libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1 - openSUSE Leap 15.3 (aarch64 ppc64le 
s390x x86_64): jasper-2.0.14-150000.3.28.1 jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper-devel-2.0.14-150000.3.28.1 libjasper4-2.0.14-150000.3.28.1 libjasper4-debuginfo-2.0.14-150000.3.28.1 - openSUSE Leap 15.3 (x86_64): libjasper4-32bit-2.0.14-150000.3.28.1 libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper-devel-2.0.14-150000.3.28.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper-devel-2.0.14-150000.3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper4-2.0.14-150000.3.28.1 libjasper4-debuginfo-2.0.14-150000.3.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.28.1 jasper-debugsource-2.0.14-150000.3.28.1 libjasper4-2.0.14-150000.3.28.1 libjasper4-debuginfo-2.0.14-150000.3.28.1 References: https://www.suse.com/security/cve/CVE-2022-2963.html https://bugzilla.suse.com/1202642 From sle-updates at lists.suse.com Thu Oct 20 13:20:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 15:20:54 +0200 (CEST) Subject: SUSE-SU-2022:3671-1: important: Security update for libostree Message-ID: <20221020132054.4CA58FBAE@maintenance.suse.de> SUSE Security Update: Security update for libostree ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3671-1 Rating: important References: #1201770 Cross-References: CVE-2014-9862 CVSS scores: CVE-2014-9862 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2014-9862 (SUSE): 7 
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libostree fixes the following issues: - CVE-2014-9862: Fixed arbitrary write on heap vulnerability (bsc#1201770). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3671=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3671=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3671=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3671=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libostree-1-1-2018.1-150000.4.3.1 libostree-1-1-debuginfo-2018.1-150000.4.3.1 libostree-2018.1-150000.4.3.1 libostree-debuginfo-2018.1-150000.4.3.1 libostree-debugsource-2018.1-150000.4.3.1 libostree-devel-2018.1-150000.4.3.1 typelib-1_0-OSTree-1_0-2018.1-150000.4.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libostree-1-1-2018.1-150000.4.3.1 libostree-1-1-debuginfo-2018.1-150000.4.3.1 libostree-2018.1-150000.4.3.1 libostree-debuginfo-2018.1-150000.4.3.1 libostree-debugsource-2018.1-150000.4.3.1 libostree-devel-2018.1-150000.4.3.1 typelib-1_0-OSTree-1_0-2018.1-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libostree-1-1-2018.1-150000.4.3.1 libostree-1-1-debuginfo-2018.1-150000.4.3.1 
libostree-2018.1-150000.4.3.1 libostree-debuginfo-2018.1-150000.4.3.1 libostree-debugsource-2018.1-150000.4.3.1 libostree-devel-2018.1-150000.4.3.1 typelib-1_0-OSTree-1_0-2018.1-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libostree-1-1-2018.1-150000.4.3.1 libostree-1-1-debuginfo-2018.1-150000.4.3.1 libostree-2018.1-150000.4.3.1 libostree-debuginfo-2018.1-150000.4.3.1 libostree-debugsource-2018.1-150000.4.3.1 libostree-devel-2018.1-150000.4.3.1 typelib-1_0-OSTree-1_0-2018.1-150000.4.3.1 References: https://www.suse.com/security/cve/CVE-2014-9862.html https://bugzilla.suse.com/1201770 From sle-updates at lists.suse.com Thu Oct 20 13:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 15:21:40 +0200 (CEST) Subject: SUSE-RU-2022:3670-1: moderate: Recommended update for zchunk Message-ID: <20221020132140.597ADFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for zchunk ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3670-1 Rating: moderate References: #1204244 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3670=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3670=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3670=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libzck-devel-1.1.16-150400.3.2.1 libzck1-1.1.16-150400.3.2.1 libzck1-debuginfo-1.1.16-150400.3.2.1 zchunk-1.1.16-150400.3.2.1 zchunk-debuginfo-1.1.16-150400.3.2.1 zchunk-debugsource-1.1.16-150400.3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libzck1-1.1.16-150400.3.2.1 libzck1-debuginfo-1.1.16-150400.3.2.1 zchunk-1.1.16-150400.3.2.1 zchunk-debuginfo-1.1.16-150400.3.2.1 zchunk-debugsource-1.1.16-150400.3.2.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libzck-devel-1.1.16-150400.3.2.1 libzck1-1.1.16-150400.3.2.1 libzck1-debuginfo-1.1.16-150400.3.2.1 zchunk-1.1.16-150400.3.2.1 zchunk-debuginfo-1.1.16-150400.3.2.1 zchunk-debugsource-1.1.16-150400.3.2.1 References: https://bugzilla.suse.com/1204244 From sle-updates at lists.suse.com Thu Oct 20 13:22:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 15:22:25 +0200 (CEST) Subject: SUSE-SU-2022:3672-1: moderate: Security update for jasper Message-ID: <20221020132225.89297FBAE@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3672-1 Rating: moderate References: #1202642 Cross-References: CVE-2022-2963 CVSS scores: CVE-2022-2963 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2963 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software 
Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse (bsc#1202642). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3672=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3672=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.34.1 jasper-debugsource-1.900.14-195.34.1 libjasper-devel-1.900.14-195.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.34.1 jasper-debugsource-1.900.14-195.34.1 libjasper1-1.900.14-195.34.1 libjasper1-debuginfo-1.900.14-195.34.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjasper1-32bit-1.900.14-195.34.1 libjasper1-debuginfo-32bit-1.900.14-195.34.1 References: https://www.suse.com/security/cve/CVE-2022-2963.html https://bugzilla.suse.com/1202642 From sle-updates at lists.suse.com Thu Oct 20 16:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 18:19:50 +0200 (CEST) Subject: SUSE-SU-2022:3679-1: important: Security update for tiff Message-ID: <20221020161950.83880FBAE@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3679-1 Rating: important References: #1201723 #1201971 #1202026 #1202466 #1202467 #1202468 #1202968 #1202971 #1202973 Cross-References: CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 
CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526

CVSS scores:
CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2520 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2520 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2867 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2868 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-2868 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2869 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2869 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-34266 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34526 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34526 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for tiff fixes the following issues:

- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed an assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3679=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3679=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3679=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3679=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3679=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3679=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3679=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3679=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libtiff5-32bit-4.0.9-44.56.1
  libtiff5-4.0.9-44.56.1
  libtiff5-debuginfo-32bit-4.0.9-44.56.1
  libtiff5-debuginfo-4.0.9-44.56.1
  tiff-4.0.9-44.56.1
  tiff-debuginfo-4.0.9-44.56.1
  tiff-debugsource-4.0.9-44.56.1
- SUSE OpenStack Cloud 9 (x86_64):
  libtiff5-32bit-4.0.9-44.56.1
  libtiff5-4.0.9-44.56.1
libtiff5-debuginfo-32bit-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libtiff5-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libtiff5-32bit-4.0.9-44.56.1 libtiff5-debuginfo-32bit-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtiff5-32bit-4.0.9-44.56.1 libtiff5-debuginfo-32bit-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libtiff5-32bit-4.0.9-44.56.1 libtiff5-debuginfo-32bit-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libtiff5-32bit-4.0.9-44.56.1 libtiff5-4.0.9-44.56.1 libtiff5-debuginfo-32bit-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtiff5-32bit-4.0.9-44.56.1 libtiff5-4.0.9-44.56.1 libtiff5-debuginfo-32bit-4.0.9-44.56.1 libtiff5-debuginfo-4.0.9-44.56.1 tiff-4.0.9-44.56.1 tiff-debuginfo-4.0.9-44.56.1 tiff-debugsource-4.0.9-44.56.1 References: https://www.suse.com/security/cve/CVE-2022-0561.html https://www.suse.com/security/cve/CVE-2022-2519.html https://www.suse.com/security/cve/CVE-2022-2520.html 
https://www.suse.com/security/cve/CVE-2022-2521.html https://www.suse.com/security/cve/CVE-2022-2867.html https://www.suse.com/security/cve/CVE-2022-2868.html https://www.suse.com/security/cve/CVE-2022-2869.html https://www.suse.com/security/cve/CVE-2022-34266.html https://www.suse.com/security/cve/CVE-2022-34526.html https://bugzilla.suse.com/1201723 https://bugzilla.suse.com/1201971 https://bugzilla.suse.com/1202026 https://bugzilla.suse.com/1202466 https://bugzilla.suse.com/1202467 https://bugzilla.suse.com/1202468 https://bugzilla.suse.com/1202968 https://bugzilla.suse.com/1202971 https://bugzilla.suse.com/1202973 From sle-updates at lists.suse.com Thu Oct 20 16:21:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 18:21:26 +0200 (CEST) Subject: SUSE-SU-2022:3511-2: important: Security update for python3 Message-ID: <20221020162126.16780FBAE@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3511-2 Rating: important References: #1202624 Cross-References: CVE-2021-28861 CVSS scores: CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3511=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3511=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3511=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3511=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3511=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3511=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 python3-devel-3.4.10-25.96.1 python3-devel-debuginfo-3.4.10-25.96.1 - SUSE OpenStack Cloud 9 (x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 python3-devel-3.4.10-25.96.1 python3-devel-debuginfo-3.4.10-25.96.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 
python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 python3-devel-3.4.10-25.96.1 python3-devel-debuginfo-3.4.10-25.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 python3-devel-3.4.10-25.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): python3-devel-debuginfo-3.4.10-25.96.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython3_4m1_0-3.4.10-25.96.1 libpython3_4m1_0-debuginfo-3.4.10-25.96.1 python3-3.4.10-25.96.1 python3-base-3.4.10-25.96.1 python3-base-debuginfo-3.4.10-25.96.1 python3-base-debugsource-3.4.10-25.96.1 python3-curses-3.4.10-25.96.1 python3-curses-debuginfo-3.4.10-25.96.1 python3-debuginfo-3.4.10-25.96.1 python3-debugsource-3.4.10-25.96.1 References: https://www.suse.com/security/cve/CVE-2021-28861.html https://bugzilla.suse.com/1202624 From sle-updates at lists.suse.com Thu Oct 20 16:22:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 18:22:13 +0200 (CEST) Subject: SUSE-SU-2022:3676-1: important: Security update for grafana Message-ID: <20221020162213.76E8CFBAE@maintenance.suse.de> SUSE Security Update: Security update for grafana 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3676-1 Rating: important References: #1188571 #1189520 #1192383 #1192763 #1193492 #1193686 #1194873 #1195726 #1195727 #1195728 #1201535 #1201539 #1203596 #1203597 PED-2145 SLE-23422 SLE-23439 SLE-24565 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVE-2022-21703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Affected Products:
SUSE Enterprise Storage 6
______________________________________________________________________________

An update that fixes 14 vulnerabilities and contains four features is now available.

Description:

This update for grafana fixes the following issues:

Updated to version 8.5.13 (jsc#PED-2145, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565):

- CVE-2022-36062: Fixed RBAC folders/dashboards privilege escalation (bsc#1203596).
- CVE-2022-35957: Fixed escalation from admin to server admin when auth proxy is used (bsc#1203597).
- CVE-2022-31107: Fixed OAuth account takeover (bsc#1201539).
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-21702: Fixed XSS vulnerability in handling data sources (bsc#1195726).
- CVE-2022-21703: Fixed cross-origin request forgery vulnerability (bsc#1195727).
- CVE-2022-21713: Fixed Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728).
- CVE-2022-21673: Fixed missing error return in GetUserInfo if no user was found (bsc#1194873).
- CVE-2021-43815: Fixed directory traversal for .csv files (bsc#1193686).
- CVE-2021-41244: Fixed incorrect access control vulnerability (bsc#1192763).
- CVE-2021-41174: Fixed XSS vulnerability on unauthenticated pages through interpolation binding expressions for AngularJS in URL (bsc#1192383).
- CVE-2021-3711: Fixed SM2 Decryption Buffer Overflow (bsc#1189520).
- CVE-2021-36222: Fixed a null pointer dereference in the KDC (bsc#1188571).
- CVE-2021-43798: Fixed arbitrary file read in the graph native plugin (bsc#1193492).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-3676=1

Package List:

- SUSE Enterprise Storage 6 (aarch64 x86_64):
  grafana-8.5.13-150100.3.12.1
  grafana-debuginfo-8.5.13-150100.3.12.1

References:

https://www.suse.com/security/cve/CVE-2021-36222.html
https://www.suse.com/security/cve/CVE-2021-3711.html
https://www.suse.com/security/cve/CVE-2021-41174.html
https://www.suse.com/security/cve/CVE-2021-41244.html
https://www.suse.com/security/cve/CVE-2021-43798.html
https://www.suse.com/security/cve/CVE-2021-43815.html
https://www.suse.com/security/cve/CVE-2022-21673.html
https://www.suse.com/security/cve/CVE-2022-21702.html
https://www.suse.com/security/cve/CVE-2022-21703.html
https://www.suse.com/security/cve/CVE-2022-21713.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://www.suse.com/security/cve/CVE-2022-35957.html
https://www.suse.com/security/cve/CVE-2022-36062.html
https://bugzilla.suse.com/1188571
https://bugzilla.suse.com/1189520
https://bugzilla.suse.com/1192383
https://bugzilla.suse.com/1192763
https://bugzilla.suse.com/1193492
https://bugzilla.suse.com/1193686
https://bugzilla.suse.com/1194873
https://bugzilla.suse.com/1195726
https://bugzilla.suse.com/1195727
https://bugzilla.suse.com/1195728
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
https://bugzilla.suse.com/1203596
https://bugzilla.suse.com/1203597

From sle-updates at lists.suse.com Thu Oct 20 16:24:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Oct 2022 18:24:05 +0200 (CEST)
Subject:
SUSE-RU-2022:3678-1: moderate: Recommended update for kdump Message-ID: <20221020162405.085B6FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3678-1 Rating: moderate References: #1187312 #1201051 #1202981 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Fix broken URL in manpage (bsc#1187312) - Fix network-related dracut options handling for fadump case (bsc#1201051) - use inst_binary to install kdump-save (bsc#1202981) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3678=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3678=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3678=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debuginfo-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debugsource-1.0.2+git14.gb49d4a3-150400.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debuginfo-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debugsource-1.0.2+git14.gb49d4a3-150400.3.5.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debuginfo-1.0.2+git14.gb49d4a3-150400.3.5.1 kdump-debugsource-1.0.2+git14.gb49d4a3-150400.3.5.1 References: https://bugzilla.suse.com/1187312 https://bugzilla.suse.com/1201051 https://bugzilla.suse.com/1202981 From sle-updates at lists.suse.com Thu Oct 20 16:24:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 18:24:59 +0200 (CEST) Subject: SUSE-SU-2022:3674-1: moderate: Security update for clone-master-clean-up Message-ID: <20221020162459.2F143FBAE@maintenance.suse.de> SUSE Security Update: Security update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3674-1 Rating: moderate References: #1181050 #1203651 Cross-References: CVE-2021-32000 CVSS scores: CVE-2021-32000 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-32000 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has 
one errata is now available. Description: This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed failures to remove btrfs snapshots (bsc#1203651). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3674=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): clone-master-clean-up-1.8-4.11.1 References: https://www.suse.com/security/cve/CVE-2021-32000.html https://bugzilla.suse.com/1181050 https://bugzilla.suse.com/1203651 From sle-updates at lists.suse.com Thu Oct 20 16:25:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Oct 2022 18:25:46 +0200 (CEST) Subject: SUSE-RU-2022:3677-1: important: Recommended update for kiwi-templates-Minimal Message-ID: <20221020162546.58003FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for kiwi-templates-Minimal ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3677-1 Rating: important References: #1204227 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 

Description:

This update for kiwi-templates-Minimal fixes the following issues:

   - Mask systemd-firstboot on OpenStack (bsc#1204227)
   - Add %changelog tag in .spec

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3677=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3677=1

Package List:

   - openSUSE Leap 15.4 (noarch):
      kiwi-templates-Minimal-15.4-150400.3.7.1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
      kiwi-templates-Minimal-15.4-150400.3.7.1

References:

   https://bugzilla.suse.com/1204227

From sle-updates at lists.suse.com Fri Oct 21 07:45:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 09:45:31 +0200 (CEST)
Subject: SUSE-CU-2022:2624-1: Recommended update of suse/sle15
Message-ID: <20221021074531.EDFEDF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2624-1
Container Tags        : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.3 , suse/sle15:15.4 , suse/sle15:15.4.27.14.3
Container Release     : 27.14.3
Severity              : moderate
Type                  : recommended
References            : 1121365 1180995 1190651 1190653 1190888 1193859 1198471 1198472 1201293 1202148 1202870 1203046 1203069 1204244
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3670-1
Released:    Thu Oct 20 10:44:13 2022
Summary:     Recommended update for zchunk
Type:        recommended
Severity:    moderate
References:  1204244

This update for zchunk fixes the following issues:

- Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.6.1 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libzck1-1.1.16-150400.3.2.1 updated
- openssl-1_1-1.1.1l-150400.7.10.5 updated

From sle-updates at lists.suse.com Fri Oct 21 13:23:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 15:23:59 +0200 (CEST)
Subject: SUSE-SU-2022:3681-1: critical: Security update for libksba
Message-ID: <20221021132359.02745FBAE@maintenance.suse.de>

SUSE Security Update: Security update for libksba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3681-1
Rating:             critical
References:         #1204357
Cross-References:   CVE-2022-3515
CVSS scores:
                    CVE-2022-3515 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libksba fixes the following issues:

   - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3681=1

   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3681=1

   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3681=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3681=1

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3681=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3681=1

   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3681=1

   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3681=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE OpenStack Cloud 9 (x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba-devel-1.3.0-24.3.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      libksba-debugsource-1.3.0-24.3.1
      libksba8-1.3.0-24.3.1
      libksba8-debuginfo-1.3.0-24.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-3515.html
   https://bugzilla.suse.com/1204357

From sle-updates at lists.suse.com Fri Oct 21 13:25:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 15:25:48 +0200 (CEST)
Subject: SUSE-RU-2022:3684-1: Recommended update for celt, jack, libogg, libtheora
Message-ID: <20221021132548.6BA6BFBAE@maintenance.suse.de>

SUSE Recommended Update: Recommended update for celt, jack, libogg, libtheora
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3684-1
Rating:             low
References:         #1108981 #1132458 #1198925
Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for celt, jack, libogg, libtheora fixes the following issue:

   - celt, jack, libogg, libtheora 32bit base libraries are shipped to meet dependencies of the ffmpeg 32bit libraries (bsc#1198925).

Also two bugs in jack were fixed (bsc#1132458 bsc#1108981).

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3684=1

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3684=1

   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3684=1

   - SUSE Manager Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3684=1

   - SUSE Manager Retail Branch Server 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3684=1

   - SUSE Manager Proxy 4.1:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3684=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3684=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3684=1

   - SUSE Linux Enterprise Server for SAP 15:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3684=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3684=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3684=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3684=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3684=1

   - SUSE Linux Enterprise Server 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3684=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3684=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3684=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3684=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3684=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3684=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3684=1

   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3684=1

   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3684=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3684=1

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-3684=1

   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-3684=1

   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-1.9.12-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - openSUSE Leap 15.4 (x86_64):
      jack-32bit-1.9.12-150000.3.3.1
      jack-32bit-debuginfo-1.9.12-150000.3.3.1
      libcelt-devel-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-32bit-1.9.12-150000.3.3.1
      libjacknet0-32bit-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-32bit-1.9.12-150000.3.3.1
      libjackserver0-32bit-debuginfo-1.9.12-150000.3.3.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-1.9.12-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - openSUSE Leap 15.3 (x86_64):
      jack-32bit-1.9.12-150000.3.3.1
      jack-32bit-debuginfo-1.9.12-150000.3.3.1
      libcelt-devel-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-32bit-1.9.12-150000.3.3.1
      libjacknet0-32bit-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-32bit-1.9.12-150000.3.3.1
      libjackserver0-32bit-debuginfo-1.9.12-150000.3.3.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Manager Server 4.1 (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Manager Proxy 4.1 (x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-32bit-0.11.3-150000.3.3.1
      libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-32bit-1.9.12-150000.3.3.1
      libjack0-32bit-debuginfo-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-32bit-1.1.1-150000.3.3.1
      libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-32bit-1.1.1-150000.3.3.1
      libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-1.1.1-150000.3.3.1
      libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg-devel-1.3.2-150000.3.4.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1
      libtheoradec1-1.1.1-150000.3.3.1
      libtheoradec1-debuginfo-1.1.1-150000.3.3.1
      libtheoraenc1-1.1.1-150000.3.3.1
      libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
      jack-1.9.12-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64):
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
      jack-1.9.12-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libogg0-1.3.2-150000.3.4.1
      libogg0-debuginfo-1.3.2-150000.3.4.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
      libogg-debugsource-1.3.2-150000.3.4.1
      libogg0-32bit-1.3.2-150000.3.4.1
      libogg0-32bit-debuginfo-1.3.2-150000.3.4.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
      jack-debugsource-1.9.12-150000.3.3.1
      libcelt-devel-0.11.3-150000.3.3.1
      libcelt0-2-0.11.3-150000.3.3.1
      libcelt0-2-debuginfo-0.11.3-150000.3.3.1
      libjack-devel-1.9.12-150000.3.3.1
      libjack0-1.9.12-150000.3.3.1
      libjack0-debuginfo-1.9.12-150000.3.3.1
      libjacknet0-1.9.12-150000.3.3.1
      libjacknet0-debuginfo-1.9.12-150000.3.3.1
      libjackserver0-1.9.12-150000.3.3.1
      libjackserver0-debuginfo-1.9.12-150000.3.3.1
      libtheora-debugsource-1.1.1-150000.3.3.1
      libtheora-devel-1.1.1-150000.3.3.1
      libtheora0-1.1.1-150000.3.3.1
      libtheora0-debuginfo-1.1.1-150000.3.3.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
      celt-0.11.3-150000.3.3.1
      celt-debuginfo-0.11.3-150000.3.3.1
      celt-debugsource-0.11.3-150000.3.3.1
      jack-debuginfo-1.9.12-150000.3.3.1
jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libogg-debugsource-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libogg-debugsource-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 
libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 
libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 
libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 
libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 
libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Enterprise Storage 7 (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 
libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1 - SUSE Enterprise Storage 6 (x86_64): libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 - SUSE CaaS Platform 4.0 (x86_64): celt-0.11.3-150000.3.3.1 celt-debuginfo-0.11.3-150000.3.3.1 celt-debugsource-0.11.3-150000.3.3.1 jack-debuginfo-1.9.12-150000.3.3.1 jack-debugsource-1.9.12-150000.3.3.1 libcelt-devel-0.11.3-150000.3.3.1 libcelt0-2-0.11.3-150000.3.3.1 libcelt0-2-32bit-0.11.3-150000.3.3.1 libcelt0-2-32bit-debuginfo-0.11.3-150000.3.3.1 libcelt0-2-debuginfo-0.11.3-150000.3.3.1 libjack-devel-1.9.12-150000.3.3.1 libjack0-1.9.12-150000.3.3.1 libjack0-32bit-1.9.12-150000.3.3.1 libjack0-32bit-debuginfo-1.9.12-150000.3.3.1 libjack0-debuginfo-1.9.12-150000.3.3.1 libjacknet0-1.9.12-150000.3.3.1 libjacknet0-debuginfo-1.9.12-150000.3.3.1 libjackserver0-1.9.12-150000.3.3.1 
libjackserver0-debuginfo-1.9.12-150000.3.3.1 libogg-debugsource-1.3.2-150000.3.4.1 libogg-devel-1.3.2-150000.3.4.1 libogg0-1.3.2-150000.3.4.1 libogg0-32bit-1.3.2-150000.3.4.1 libogg0-32bit-debuginfo-1.3.2-150000.3.4.1 libogg0-debuginfo-1.3.2-150000.3.4.1 libtheora-debugsource-1.1.1-150000.3.3.1 libtheora-devel-1.1.1-150000.3.3.1 libtheora0-1.1.1-150000.3.3.1 libtheora0-32bit-1.1.1-150000.3.3.1 libtheora0-32bit-debuginfo-1.1.1-150000.3.3.1 libtheora0-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-1.1.1-150000.3.3.1 libtheoradec1-32bit-1.1.1-150000.3.3.1 libtheoradec1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoradec1-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-1.1.1-150000.3.3.1 libtheoraenc1-32bit-1.1.1-150000.3.3.1 libtheoraenc1-32bit-debuginfo-1.1.1-150000.3.3.1 libtheoraenc1-debuginfo-1.1.1-150000.3.3.1

References:

   https://bugzilla.suse.com/1108981
   https://bugzilla.suse.com/1132458
   https://bugzilla.suse.com/1198925

From sle-updates at lists.suse.com Fri Oct 21 13:28:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 15:28:17 +0200 (CEST)
Subject: SUSE-SU-2022:3683-1: critical: Security update for libksba
Message-ID: <20221021132818.095D3FBAE@maintenance.suse.de>

   SUSE Security Update: Security update for libksba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3683-1
Rating:             critical
References:         #1204357
Cross-References:   CVE-2022-3515
CVSS scores:
                    CVE-2022-3515 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for libksba fixes the following issues:

   - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3683=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3683=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3683=1

   - SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3683=1

   - SUSE Manager Retail Branch Server 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3683=1

   - SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3683=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3683=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3683=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3683=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3683=1

   - SUSE Linux Enterprise Server 15-SP2-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3683=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3683=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3683=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3683=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3683=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3683=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3683=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3683=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2022-3683=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2022-3683=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Manager Retail Branch Server 4.1 (x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Manager Proxy 4.1 (x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

   - SUSE CaaS Platform 4.0 (x86_64):

      libksba-debugsource-1.3.5-150000.4.3.1
      libksba-devel-1.3.5-150000.4.3.1
      libksba8-1.3.5-150000.4.3.1
      libksba8-debuginfo-1.3.5-150000.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-3515.html
   https://bugzilla.suse.com/1204357

From sle-updates at lists.suse.com Fri Oct 21 13:30:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 15:30:26 +0200 (CEST)
Subject: SUSE-OU-2022:3685-1: moderate: Optional update for monitoring-plugins and its dependencies
Message-ID: <20221021133026.3CC73FBAE@maintenance.suse.de>

   SUSE Optional Update: Optional update for monitoring-plugins and its dependencies
______________________________________________________________________________

Announcement ID:    SUSE-OU-2022:3685-1
Rating:             moderate
References:         MSC-399
Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP3
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Availability 15
                    SUSE Linux Enterprise High Availability 15-SP1
                    SUSE Linux Enterprise High Availability 15-SP2
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP2
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP3
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP2
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP2
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 6
                    SUSE Linux Enterprise Storage 7
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.0
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.0
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has 0 optional fixes and contains one feature can now be installed.

Description:

   This optional update for monitoring-plugins and its dependencies provides:

   freeradius-client:

   - Deliver missing freeradius-client to SUSE Package Hub 15 SP4 and solve
     migration issues from 15 SP3. (ijsc#MSC-399)
   - There are NO code changes.

   monitoring-plugins:

   - Deliver missing monitoring plugins to SUSE Package Hub 15 SP4 and solve
     migration issues from 15 SP3. (ijsc#MSC-399)
   - There are NO code changes.

   perl-Crypt-DES:

   - Deliver missing perl-Crypt-DES to SUSE Package Hub 15 SP4 and solve
     migration issues from 15 SP3. (ijsc#MSC-399)
   - There are NO code changes.

   perl-Crypt-Rijndael:

   - Deliver missing perl-Crypt-Rijndael to SUSE Package Hub 15 SP4 and solve
     migration issues from 15 SP3. (ijsc#MSC-399)
   - There are NO code changes.

   perl-Net-SNMP:

   - Deliver missing perl-Net-SNMP to SUSE Package Hub 15 SP4 and solve
     migration issues from 15 SP3. (ijsc#MSC-399)
   - There are NO code changes.

Patch Instructions:

   To install this SUSE Optional Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3685=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3685=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3685=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3685=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3685=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3685=1

   - SUSE Linux Enterprise Module for Development Tools 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3685=1

   - SUSE Linux Enterprise High Availability 15-SP4:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3685=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3685=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3685=1

   - SUSE Linux Enterprise High Availability 15-SP1:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3685=1

   - SUSE Linux Enterprise High Availability 15:

      zypper in -t patch SUSE-SLE-Product-HA-15-2022-3685=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-150400.14.2.1 freeradius-client-debuginfo-1.1.7-150400.14.2.1 freeradius-client-debugsource-1.1.7-150400.14.2.1 freeradius-client-devel-1.1.7-150400.14.2.1 freeradius-client-libs-1.1.7-150400.14.2.1 freeradius-client-libs-debuginfo-1.1.7-150400.14.2.1 monitoring-plugins-2.3.1-150000.3.11.1 monitoring-plugins-all-2.3.1-150000.3.11.1 monitoring-plugins-breeze-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-150000.3.11.1
monitoring-plugins-cluster-2.3.1-150000.3.11.1 monitoring-plugins-cluster-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-common-2.3.1-150000.3.11.1 monitoring-plugins-common-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cups-2.3.1-150000.3.11.1 monitoring-plugins-dbi-2.3.1-150000.3.11.1 monitoring-plugins-dbi-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dbi-mysql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-sqlite3-2.3.1-150000.3.11.1 monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dig-2.3.1-150000.3.11.1 monitoring-plugins-dig-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk-2.3.1-150000.3.11.1 monitoring-plugins-disk-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk_smb-2.3.1-150000.3.11.1 monitoring-plugins-dns-2.3.1-150000.3.11.1 monitoring-plugins-dns-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dummy-2.3.1-150000.3.11.1 monitoring-plugins-dummy-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-extras-2.3.1-150000.3.11.1 monitoring-plugins-file_age-2.3.1-150000.3.11.1 monitoring-plugins-flexlm-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-icmp-2.3.1-150000.3.11.1 monitoring-plugins-icmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ifoperstatus-2.3.1-150000.3.11.1 monitoring-plugins-ifstatus-2.3.1-150000.3.11.1 monitoring-plugins-ircd-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 
monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-load-2.3.1-150000.3.11.1 monitoring-plugins-load-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-log-2.3.1-150000.3.11.1 monitoring-plugins-mailq-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mysql-2.3.1-150000.3.11.1 monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nagios-2.3.1-150000.3.11.1 monitoring-plugins-nagios-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nt-2.3.1-150000.3.11.1 monitoring-plugins-nt-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-oracle-2.3.1-150000.3.11.1 monitoring-plugins-overcr-2.3.1-150000.3.11.1 monitoring-plugins-overcr-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ping-2.3.1-150000.3.11.1 monitoring-plugins-ping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-procs-2.3.1-150000.3.11.1 monitoring-plugins-procs-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-radius-2.3.1-150000.3.11.1 monitoring-plugins-radius-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-real-2.3.1-150000.3.11.1 monitoring-plugins-real-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-rpc-2.3.1-150000.3.11.1 monitoring-plugins-smtp-2.3.1-150000.3.11.1 monitoring-plugins-smtp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-snmp-2.3.1-150000.3.11.1 monitoring-plugins-snmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ssh-2.3.1-150000.3.11.1 
monitoring-plugins-ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-swap-2.3.1-150000.3.11.1 monitoring-plugins-swap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-tcp-2.3.1-150000.3.11.1 monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-time-2.3.1-150000.3.11.1 monitoring-plugins-time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ups-2.3.1-150000.3.11.1 monitoring-plugins-ups-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-uptime-2.3.1-150000.3.11.1 monitoring-plugins-users-2.3.1-150000.3.11.1 monitoring-plugins-users-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-wave-2.3.1-150000.3.11.1 perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-150000.3.11.1 - openSUSE Leap 15.4 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): monitoring-plugins-2.3.1-150000.3.11.1 monitoring-plugins-all-2.3.1-150000.3.11.1 monitoring-plugins-breeze-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cluster-2.3.1-150000.3.11.1 monitoring-plugins-cluster-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-common-2.3.1-150000.3.11.1 monitoring-plugins-common-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cups-2.3.1-150000.3.11.1 monitoring-plugins-dbi-2.3.1-150000.3.11.1 monitoring-plugins-dbi-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dbi-mysql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-sqlite3-2.3.1-150000.3.11.1 monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-2.3.1-150000.3.11.1 
monitoring-plugins-dhcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dig-2.3.1-150000.3.11.1 monitoring-plugins-dig-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk-2.3.1-150000.3.11.1 monitoring-plugins-disk-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk_smb-2.3.1-150000.3.11.1 monitoring-plugins-dns-2.3.1-150000.3.11.1 monitoring-plugins-dns-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dummy-2.3.1-150000.3.11.1 monitoring-plugins-dummy-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-extras-2.3.1-150000.3.11.1 monitoring-plugins-file_age-2.3.1-150000.3.11.1 monitoring-plugins-flexlm-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-icmp-2.3.1-150000.3.11.1 monitoring-plugins-icmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ifoperstatus-2.3.1-150000.3.11.1 monitoring-plugins-ifstatus-2.3.1-150000.3.11.1 monitoring-plugins-ircd-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-load-2.3.1-150000.3.11.1 monitoring-plugins-load-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-log-2.3.1-150000.3.11.1 monitoring-plugins-mailq-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mysql-2.3.1-150000.3.11.1 monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nagios-2.3.1-150000.3.11.1 monitoring-plugins-nagios-debuginfo-2.3.1-150000.3.11.1 
monitoring-plugins-nt-2.3.1-150000.3.11.1 monitoring-plugins-nt-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-oracle-2.3.1-150000.3.11.1 monitoring-plugins-overcr-2.3.1-150000.3.11.1 monitoring-plugins-overcr-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ping-2.3.1-150000.3.11.1 monitoring-plugins-ping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-procs-2.3.1-150000.3.11.1 monitoring-plugins-procs-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-radius-2.3.1-150000.3.11.1 monitoring-plugins-radius-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-real-2.3.1-150000.3.11.1 monitoring-plugins-real-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-rpc-2.3.1-150000.3.11.1 monitoring-plugins-smtp-2.3.1-150000.3.11.1 monitoring-plugins-smtp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-snmp-2.3.1-150000.3.11.1 monitoring-plugins-snmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ssh-2.3.1-150000.3.11.1 monitoring-plugins-ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-swap-2.3.1-150000.3.11.1 monitoring-plugins-swap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-tcp-2.3.1-150000.3.11.1 monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-time-2.3.1-150000.3.11.1 monitoring-plugins-time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ups-2.3.1-150000.3.11.1 monitoring-plugins-ups-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-users-2.3.1-150000.3.11.1 monitoring-plugins-users-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-wave-2.3.1-150000.3.11.1 perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 
perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-150000.3.11.1 - openSUSE Leap 15.3 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): freeradius-client-1.1.7-150400.14.2.1 freeradius-client-debuginfo-1.1.7-150400.14.2.1 freeradius-client-debugsource-1.1.7-150400.14.2.1 freeradius-client-devel-1.1.7-150400.14.2.1 freeradius-client-libs-1.1.7-150400.14.2.1 freeradius-client-libs-debuginfo-1.1.7-150400.14.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): freeradius-client-libs-1.1.7-150400.14.2.1 freeradius-client-libs-debuginfo-1.1.7-150400.14.2.1 monitoring-plugins-2.3.1-150000.3.11.1 monitoring-plugins-all-2.3.1-150000.3.11.1 monitoring-plugins-breeze-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cluster-2.3.1-150000.3.11.1 monitoring-plugins-cluster-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-common-2.3.1-150000.3.11.1 monitoring-plugins-common-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cups-2.3.1-150000.3.11.1 monitoring-plugins-dbi-2.3.1-150000.3.11.1 monitoring-plugins-dbi-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dbi-mysql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-sqlite3-2.3.1-150000.3.11.1 monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dig-2.3.1-150000.3.11.1 monitoring-plugins-dig-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk-2.3.1-150000.3.11.1 
monitoring-plugins-disk-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk_smb-2.3.1-150000.3.11.1 monitoring-plugins-dns-2.3.1-150000.3.11.1 monitoring-plugins-dns-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dummy-2.3.1-150000.3.11.1 monitoring-plugins-dummy-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-extras-2.3.1-150000.3.11.1 monitoring-plugins-file_age-2.3.1-150000.3.11.1 monitoring-plugins-flexlm-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-icmp-2.3.1-150000.3.11.1 monitoring-plugins-icmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ifoperstatus-2.3.1-150000.3.11.1 monitoring-plugins-ifstatus-2.3.1-150000.3.11.1 monitoring-plugins-ircd-2.3.1-150000.3.11.1 monitoring-plugins-load-2.3.1-150000.3.11.1 monitoring-plugins-load-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-log-2.3.1-150000.3.11.1 monitoring-plugins-mailq-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nagios-2.3.1-150000.3.11.1 monitoring-plugins-nagios-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nt-2.3.1-150000.3.11.1 monitoring-plugins-nt-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-oracle-2.3.1-150000.3.11.1 monitoring-plugins-overcr-2.3.1-150000.3.11.1 monitoring-plugins-overcr-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ping-2.3.1-150000.3.11.1 
monitoring-plugins-ping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-procs-2.3.1-150000.3.11.1 monitoring-plugins-procs-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-radius-2.3.1-150000.3.11.1 monitoring-plugins-radius-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-real-2.3.1-150000.3.11.1 monitoring-plugins-real-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-rpc-2.3.1-150000.3.11.1 monitoring-plugins-smtp-2.3.1-150000.3.11.1 monitoring-plugins-smtp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-snmp-2.3.1-150000.3.11.1 monitoring-plugins-snmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ssh-2.3.1-150000.3.11.1 monitoring-plugins-ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-swap-2.3.1-150000.3.11.1 monitoring-plugins-swap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-time-2.3.1-150000.3.11.1 monitoring-plugins-time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ups-2.3.1-150000.3.11.1 monitoring-plugins-ups-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-users-2.3.1-150000.3.11.1 monitoring-plugins-users-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-wave-2.3.1-150000.3.11.1 perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-150000.3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): monitoring-plugins-2.3.1-150000.3.11.1 monitoring-plugins-all-2.3.1-150000.3.11.1 monitoring-plugins-breeze-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-debuginfo-2.3.1-150000.3.11.1 
monitoring-plugins-cluster-2.3.1-150000.3.11.1 monitoring-plugins-cluster-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-common-2.3.1-150000.3.11.1 monitoring-plugins-common-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cups-2.3.1-150000.3.11.1 monitoring-plugins-dbi-2.3.1-150000.3.11.1 monitoring-plugins-dbi-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dbi-mysql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-dbi-sqlite3-2.3.1-150000.3.11.1 monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dig-2.3.1-150000.3.11.1 monitoring-plugins-dig-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk-2.3.1-150000.3.11.1 monitoring-plugins-disk-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk_smb-2.3.1-150000.3.11.1 monitoring-plugins-dns-2.3.1-150000.3.11.1 monitoring-plugins-dns-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dummy-2.3.1-150000.3.11.1 monitoring-plugins-dummy-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-extras-2.3.1-150000.3.11.1 monitoring-plugins-file_age-2.3.1-150000.3.11.1 monitoring-plugins-flexlm-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-icmp-2.3.1-150000.3.11.1 monitoring-plugins-icmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ifoperstatus-2.3.1-150000.3.11.1 monitoring-plugins-ifstatus-2.3.1-150000.3.11.1 monitoring-plugins-ircd-2.3.1-150000.3.11.1 monitoring-plugins-load-2.3.1-150000.3.11.1 monitoring-plugins-load-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-log-2.3.1-150000.3.11.1 monitoring-plugins-mailq-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-2.3.1-150000.3.11.1 
monitoring-plugins-mrtg-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nagios-2.3.1-150000.3.11.1 monitoring-plugins-nagios-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nt-2.3.1-150000.3.11.1 monitoring-plugins-nt-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-oracle-2.3.1-150000.3.11.1 monitoring-plugins-overcr-2.3.1-150000.3.11.1 monitoring-plugins-overcr-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ping-2.3.1-150000.3.11.1 monitoring-plugins-ping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-procs-2.3.1-150000.3.11.1 monitoring-plugins-procs-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-radius-2.3.1-150000.3.11.1 monitoring-plugins-radius-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-real-2.3.1-150000.3.11.1 monitoring-plugins-real-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-rpc-2.3.1-150000.3.11.1 monitoring-plugins-smtp-2.3.1-150000.3.11.1 monitoring-plugins-smtp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-snmp-2.3.1-150000.3.11.1 monitoring-plugins-snmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ssh-2.3.1-150000.3.11.1 monitoring-plugins-ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-swap-2.3.1-150000.3.11.1 monitoring-plugins-swap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-time-2.3.1-150000.3.11.1 monitoring-plugins-time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ups-2.3.1-150000.3.11.1 monitoring-plugins-ups-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-users-2.3.1-150000.3.11.1 monitoring-plugins-users-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-wave-2.3.1-150000.3.11.1 
perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le x86_64): monitoring-plugins-sensors-2.3.1-150000.3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): perl-Crypt-DES-2.07-150000.3.4.1 perl-Crypt-DES-debuginfo-2.07-150000.3.4.1 perl-Crypt-DES-debugsource-2.07-150000.3.4.1 perl-Crypt-Rijndael-1.13-150000.3.4.1 perl-Crypt-Rijndael-debuginfo-1.13-150000.3.4.1 perl-Crypt-Rijndael-debugsource-1.13-150000.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): perl-Net-SNMP-6.0.1-150000.3.4.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mysql-2.3.1-150000.3.11.1 monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1 
monitoring-plugins-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-tcp-2.3.1-150000.3.11.1 monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mysql-2.3.1-150000.3.11.1 monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-tcp-2.3.1-150000.3.11.1 monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mysql-2.3.1-150000.3.11.1 monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-2.3.1-150000.3.11.1 monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-tcp-2.3.1-150000.3.11.1 monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1 - SUSE Linux Enterprise High Availability 15-SP2 (ppc64le): monitoring-plugins-2.3.1-150000.3.11.1 monitoring-plugins-all-2.3.1-150000.3.11.1 monitoring-plugins-breeze-2.3.1-150000.3.11.1 monitoring-plugins-by_ssh-2.3.1-150000.3.11.1 
monitoring-plugins-by_ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cluster-2.3.1-150000.3.11.1 monitoring-plugins-cluster-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-common-2.3.1-150000.3.11.1 monitoring-plugins-common-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-cups-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-2.3.1-150000.3.11.1 monitoring-plugins-dhcp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dig-2.3.1-150000.3.11.1 monitoring-plugins-dig-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk-2.3.1-150000.3.11.1 monitoring-plugins-disk-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-disk_smb-2.3.1-150000.3.11.1 monitoring-plugins-dns-2.3.1-150000.3.11.1 monitoring-plugins-dns-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-dummy-2.3.1-150000.3.11.1 monitoring-plugins-dummy-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-extras-2.3.1-150000.3.11.1 monitoring-plugins-file_age-2.3.1-150000.3.11.1 monitoring-plugins-flexlm-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-2.3.1-150000.3.11.1 monitoring-plugins-hpjd-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-icmp-2.3.1-150000.3.11.1 monitoring-plugins-icmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-2.3.1-150000.3.11.1 monitoring-plugins-ide_smart-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ircd-2.3.1-150000.3.11.1 monitoring-plugins-load-2.3.1-150000.3.11.1 monitoring-plugins-load-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-log-2.3.1-150000.3.11.1 monitoring-plugins-mailq-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-2.3.1-150000.3.11.1 monitoring-plugins-mrtg-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-2.3.1-150000.3.11.1 monitoring-plugins-mrtgtraf-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nt-2.3.1-150000.3.11.1 monitoring-plugins-nt-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-2.3.1-150000.3.11.1 monitoring-plugins-ntp_peer-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ntp_time-2.3.1-150000.3.11.1 
monitoring-plugins-ntp_time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-2.3.1-150000.3.11.1 monitoring-plugins-nwstat-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-oracle-2.3.1-150000.3.11.1 monitoring-plugins-overcr-2.3.1-150000.3.11.1 monitoring-plugins-overcr-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ping-2.3.1-150000.3.11.1 monitoring-plugins-ping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-procs-2.3.1-150000.3.11.1 monitoring-plugins-procs-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-radius-2.3.1-150000.3.11.1 monitoring-plugins-radius-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-real-2.3.1-150000.3.11.1 monitoring-plugins-real-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-rpc-2.3.1-150000.3.11.1 monitoring-plugins-sensors-2.3.1-150000.3.11.1 monitoring-plugins-smtp-2.3.1-150000.3.11.1 monitoring-plugins-smtp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-snmp-2.3.1-150000.3.11.1 monitoring-plugins-snmp-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ssh-2.3.1-150000.3.11.1 monitoring-plugins-ssh-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-swap-2.3.1-150000.3.11.1 monitoring-plugins-swap-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-time-2.3.1-150000.3.11.1 monitoring-plugins-time-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ups-2.3.1-150000.3.11.1 monitoring-plugins-ups-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-users-2.3.1-150000.3.11.1 monitoring-plugins-users-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-wave-2.3.1-150000.3.11.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): monitoring-plugins-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-debugsource-2.3.1-150000.3.11.1 monitoring-plugins-fping-2.3.1-150000.3.11.1 monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-http-2.3.1-150000.3.11.1 monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1 monitoring-plugins-ldap-2.3.1-150000.3.11.1 
  monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-mysql-2.3.1-150000.3.11.1
  monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-pgsql-2.3.1-150000.3.11.1
  monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-tcp-2.3.1-150000.3.11.1
  monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
  monitoring-plugins-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-debugsource-2.3.1-150000.3.11.1
  monitoring-plugins-fping-2.3.1-150000.3.11.1
  monitoring-plugins-fping-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-http-2.3.1-150000.3.11.1
  monitoring-plugins-http-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-ldap-2.3.1-150000.3.11.1
  monitoring-plugins-ldap-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-mysql-2.3.1-150000.3.11.1
  monitoring-plugins-mysql-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-pgsql-2.3.1-150000.3.11.1
  monitoring-plugins-pgsql-debuginfo-2.3.1-150000.3.11.1
  monitoring-plugins-tcp-2.3.1-150000.3.11.1
  monitoring-plugins-tcp-debuginfo-2.3.1-150000.3.11.1

References:

From sle-updates at lists.suse.com Fri Oct 21 13:32:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Oct 2022 15:32:22 +0200 (CEST)
Subject: SUSE-SU-2022:3682-1: important: Security update for bind
Message-ID: <20221021133222.EDE42FBAE@maintenance.suse.de>

SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3682-1
Rating: important
References: #1201247 #1203614 #1203619 #1203620
Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves three vulnerabilities and has one errata is now available.

Description:

This update for bind fixes the following issues:

- CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).

Bugfixes:

- Changed ownership of /var/lib/named/master from named:named to root:root (bsc#1201247)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3682=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3682=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3682=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  bind-chrootenv-9.16.6-150300.22.21.2
  bind-devel-9.16.6-150300.22.21.2
  libbind9-1600-9.16.6-150300.22.21.2
  libbind9-1600-debuginfo-9.16.6-150300.22.21.2
  libdns1605-9.16.6-150300.22.21.2
  libdns1605-debuginfo-9.16.6-150300.22.21.2
  libirs-devel-9.16.6-150300.22.21.2
  libirs1601-9.16.6-150300.22.21.2
  libirs1601-debuginfo-9.16.6-150300.22.21.2
  libisc1606-9.16.6-150300.22.21.2
  libisc1606-debuginfo-9.16.6-150300.22.21.2
  libisccc1600-9.16.6-150300.22.21.2
  libisccc1600-debuginfo-9.16.6-150300.22.21.2
  libisccfg1600-9.16.6-150300.22.21.2
  libisccfg1600-debuginfo-9.16.6-150300.22.21.2
  libns1604-9.16.6-150300.22.21.2
  libns1604-debuginfo-9.16.6-150300.22.21.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  bind-9.16.6-150300.22.21.2
  bind-chrootenv-9.16.6-150300.22.21.2
  bind-debuginfo-9.16.6-150300.22.21.2
  bind-debugsource-9.16.6-150300.22.21.2
  bind-devel-9.16.6-150300.22.21.2
  bind-utils-9.16.6-150300.22.21.2
  bind-utils-debuginfo-9.16.6-150300.22.21.2
  libbind9-1600-9.16.6-150300.22.21.2
  libbind9-1600-debuginfo-9.16.6-150300.22.21.2
  libdns1605-9.16.6-150300.22.21.2
  libdns1605-debuginfo-9.16.6-150300.22.21.2
  libirs-devel-9.16.6-150300.22.21.2
  libirs1601-9.16.6-150300.22.21.2
  libirs1601-debuginfo-9.16.6-150300.22.21.2
  libisc1606-9.16.6-150300.22.21.2
  libisc1606-debuginfo-9.16.6-150300.22.21.2
  libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2 libisccfg1600-9.16.6-150300.22.21.2 libisccfg1600-debuginfo-9.16.6-150300.22.21.2 libns1604-9.16.6-150300.22.21.2 libns1604-debuginfo-9.16.6-150300.22.21.2 - openSUSE Leap 15.3 (noarch): bind-doc-9.16.6-150300.22.21.2 python3-bind-9.16.6-150300.22.21.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): bind-9.16.6-150300.22.21.2 bind-chrootenv-9.16.6-150300.22.21.2 bind-debuginfo-9.16.6-150300.22.21.2 bind-debugsource-9.16.6-150300.22.21.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): bind-doc-9.16.6-150300.22.21.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-150300.22.21.2 bind-debugsource-9.16.6-150300.22.21.2 libbind9-1600-9.16.6-150300.22.21.2 libbind9-1600-debuginfo-9.16.6-150300.22.21.2 libdns1605-9.16.6-150300.22.21.2 libdns1605-debuginfo-9.16.6-150300.22.21.2 libirs1601-9.16.6-150300.22.21.2 libirs1601-debuginfo-9.16.6-150300.22.21.2 libisc1606-9.16.6-150300.22.21.2 libisc1606-debuginfo-9.16.6-150300.22.21.2 libisccc1600-9.16.6-150300.22.21.2 libisccc1600-debuginfo-9.16.6-150300.22.21.2 libisccfg1600-9.16.6-150300.22.21.2 libisccfg1600-debuginfo-9.16.6-150300.22.21.2 libns1604-9.16.6-150300.22.21.2 libns1604-debuginfo-9.16.6-150300.22.21.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-150300.22.21.2 bind-debugsource-9.16.6-150300.22.21.2 bind-devel-9.16.6-150300.22.21.2 bind-utils-9.16.6-150300.22.21.2 bind-utils-debuginfo-9.16.6-150300.22.21.2 libbind9-1600-9.16.6-150300.22.21.2 libbind9-1600-debuginfo-9.16.6-150300.22.21.2 libdns1605-9.16.6-150300.22.21.2 libdns1605-debuginfo-9.16.6-150300.22.21.2 libirs-devel-9.16.6-150300.22.21.2 libirs1601-9.16.6-150300.22.21.2 libirs1601-debuginfo-9.16.6-150300.22.21.2 libisc1606-9.16.6-150300.22.21.2 libisc1606-debuginfo-9.16.6-150300.22.21.2 libisccc1600-9.16.6-150300.22.21.2 
libisccc1600-debuginfo-9.16.6-150300.22.21.2 libisccfg1600-9.16.6-150300.22.21.2 libisccfg1600-debuginfo-9.16.6-150300.22.21.2 libns1604-9.16.6-150300.22.21.2 libns1604-debuginfo-9.16.6-150300.22.21.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-bind-9.16.6-150300.22.21.2 References: https://www.suse.com/security/cve/CVE-2022-2795.html https://www.suse.com/security/cve/CVE-2022-38177.html https://www.suse.com/security/cve/CVE-2022-38178.html https://bugzilla.suse.com/1201247 https://bugzilla.suse.com/1203614 https://bugzilla.suse.com/1203619 https://bugzilla.suse.com/1203620 From sle-updates at lists.suse.com Fri Oct 21 16:22:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 18:22:00 +0200 (CEST) Subject: SUSE-SU-2022:3690-1: important: Security update for tiff Message-ID: <20221021162200.9ED17FBAE@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3690-1 Rating: important References: #1201723 #1201971 #1202026 #1202466 #1202467 #1202468 #1202968 #1202971 #1202973 Cross-References: CVE-2022-0561 CVE-2022-2519 CVE-2022-2520 CVE-2022-2521 CVE-2022-2867 CVE-2022-2868 CVE-2022-2869 CVE-2022-34266 CVE-2022-34526 CVSS scores: CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2519 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2519 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2520 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2520 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2521 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2521 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2867 (SUSE): 
3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2868 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-2868 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2869 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2869 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-34266 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-34266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34526 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-34526 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 
for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968). - CVE-2022-2520: Fixed an assertion failure in rotateImage() (bsc#1202973). - CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971). - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466). - CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467). - CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468). - CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3690=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3690=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3690=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3690=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3690=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3690=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3690=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3690=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3690=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3690=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3690=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3690=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3690=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3690=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3690=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3690=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3690=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch 
SUSE-SLE-Module-Basesystem-15-SP4-2022-3690=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3690=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3690=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3690=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3690=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - openSUSE Leap 15.4 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - openSUSE Leap 15.3 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Manager Server 4.1 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Manager Proxy 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux 
Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 
libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Module for Basesystem 
15-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 
libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Enterprise Storage 7 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 - SUSE Enterprise Storage 6 (x86_64): libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 - SUSE CaaS Platform 4.0 (x86_64): libtiff-devel-4.0.9-150000.45.16.1 libtiff5-32bit-4.0.9-150000.45.16.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1 libtiff5-4.0.9-150000.45.16.1 
libtiff5-debuginfo-4.0.9-150000.45.16.1 tiff-debuginfo-4.0.9-150000.45.16.1 tiff-debugsource-4.0.9-150000.45.16.1 References: https://www.suse.com/security/cve/CVE-2022-0561.html https://www.suse.com/security/cve/CVE-2022-2519.html https://www.suse.com/security/cve/CVE-2022-2520.html https://www.suse.com/security/cve/CVE-2022-2521.html https://www.suse.com/security/cve/CVE-2022-2867.html https://www.suse.com/security/cve/CVE-2022-2868.html https://www.suse.com/security/cve/CVE-2022-2869.html https://www.suse.com/security/cve/CVE-2022-34266.html https://www.suse.com/security/cve/CVE-2022-34526.html https://bugzilla.suse.com/1201723 https://bugzilla.suse.com/1201971 https://bugzilla.suse.com/1202026 https://bugzilla.suse.com/1202466 https://bugzilla.suse.com/1202467 https://bugzilla.suse.com/1202468 https://bugzilla.suse.com/1202968 https://bugzilla.suse.com/1202971 https://bugzilla.suse.com/1202973 From sle-updates at lists.suse.com Fri Oct 21 16:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 18:24:26 +0200 (CEST) Subject: SUSE-SU-2022:3687-1: important: Security update for bluez Message-ID: <20221021162426.54011FBAE@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3687-1 Rating: important References: #1186463 #1188859 #1192394 #1193227 #1193237 Cross-References: CVE-2019-8921 CVE-2019-8922 CVE-2020-26558 CVE-2021-0129 CVE-2021-3658 CVE-2021-43400 CVSS scores: CVE-2019-8921 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-8921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N 
CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-3658 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3658 (SUSE): 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-43400 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-43400 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for bluez fixes the following issues: - CVE-2021-0129: Fixed improper access control (bsc#1186463). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463). - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859). - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3687=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3687=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3687=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3687=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3687=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3687=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3687=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3687=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3687=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3687=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): 
bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 - SUSE CaaS Platform 4.0 (x86_64): bluez-5.48-150000.5.41.1 bluez-debuginfo-5.48-150000.5.41.1 bluez-debugsource-5.48-150000.5.41.1 bluez-devel-5.48-150000.5.41.1 libbluetooth3-5.48-150000.5.41.1 libbluetooth3-debuginfo-5.48-150000.5.41.1 References: https://www.suse.com/security/cve/CVE-2019-8921.html https://www.suse.com/security/cve/CVE-2019-8922.html https://www.suse.com/security/cve/CVE-2020-26558.html https://www.suse.com/security/cve/CVE-2021-0129.html https://www.suse.com/security/cve/CVE-2021-3658.html https://www.suse.com/security/cve/CVE-2021-43400.html https://bugzilla.suse.com/1186463 https://bugzilla.suse.com/1188859 https://bugzilla.suse.com/1192394 https://bugzilla.suse.com/1193227 https://bugzilla.suse.com/1193237 From sle-updates at lists.suse.com Fri Oct 21 16:25:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 18:25:51 +0200 (CEST) Subject: SUSE-SU-2022:3688-1: important: Security update for the Linux Kernel Message-ID: <20221021162551.19393FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3688-1 Rating: important References: 
#1201309 #1202385 #1202677 #1202960 #1203552 #1203769 #1203987 Cross-References: CVE-2022-2503 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41848 CVSS scores: CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has two fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead to a local user being able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3688=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3688=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3688=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3688=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3688=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3688=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.104.1 kernel-default-base-4.12.14-150000.150.104.1 kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 kernel-default-devel-4.12.14-150000.150.104.1 kernel-default-devel-debuginfo-4.12.14-150000.150.104.1 kernel-obs-build-4.12.14-150000.150.104.1 kernel-obs-build-debugsource-4.12.14-150000.150.104.1 kernel-syms-4.12.14-150000.150.104.1 kernel-vanilla-base-4.12.14-150000.150.104.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debugsource-4.12.14-150000.150.104.1 reiserfs-kmp-default-4.12.14-150000.150.104.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.104.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.104.1 kernel-docs-4.12.14-150000.150.104.1 kernel-macros-4.12.14-150000.150.104.1 kernel-source-4.12.14-150000.150.104.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.104.1 kernel-default-base-4.12.14-150000.150.104.1 kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 kernel-default-devel-4.12.14-150000.150.104.1 kernel-default-devel-debuginfo-4.12.14-150000.150.104.1 kernel-obs-build-4.12.14-150000.150.104.1 kernel-obs-build-debugsource-4.12.14-150000.150.104.1 kernel-syms-4.12.14-150000.150.104.1 kernel-vanilla-base-4.12.14-150000.150.104.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debuginfo-4.12.14-150000.150.104.1 
kernel-vanilla-debugsource-4.12.14-150000.150.104.1 reiserfs-kmp-default-4.12.14-150000.150.104.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.104.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.104.1 kernel-docs-4.12.14-150000.150.104.1 kernel-macros-4.12.14-150000.150.104.1 kernel-source-4.12.14-150000.150.104.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.104.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.104.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.104.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 kernel-default-livepatch-4.12.14-150000.150.104.1 kernel-livepatch-4_12_14-150000_150_104-default-1-150000.1.3.1 kernel-livepatch-4_12_14-150000_150_104-default-debuginfo-1-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.104.1 kernel-default-base-4.12.14-150000.150.104.1 kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 kernel-default-devel-4.12.14-150000.150.104.1 kernel-default-devel-debuginfo-4.12.14-150000.150.104.1 kernel-obs-build-4.12.14-150000.150.104.1 kernel-obs-build-debugsource-4.12.14-150000.150.104.1 kernel-syms-4.12.14-150000.150.104.1 kernel-vanilla-base-4.12.14-150000.150.104.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debugsource-4.12.14-150000.150.104.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.104.1 kernel-docs-4.12.14-150000.150.104.1 kernel-macros-4.12.14-150000.150.104.1 kernel-source-4.12.14-150000.150.104.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.104.1 kernel-default-base-4.12.14-150000.150.104.1 
kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 kernel-default-devel-4.12.14-150000.150.104.1 kernel-default-devel-debuginfo-4.12.14-150000.150.104.1 kernel-obs-build-4.12.14-150000.150.104.1 kernel-obs-build-debugsource-4.12.14-150000.150.104.1 kernel-syms-4.12.14-150000.150.104.1 kernel-vanilla-base-4.12.14-150000.150.104.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debuginfo-4.12.14-150000.150.104.1 kernel-vanilla-debugsource-4.12.14-150000.150.104.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.104.1 kernel-docs-4.12.14-150000.150.104.1 kernel-macros-4.12.14-150000.150.104.1 kernel-source-4.12.14-150000.150.104.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.104.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.104.1 dlm-kmp-default-4.12.14-150000.150.104.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.104.1 gfs2-kmp-default-4.12.14-150000.150.104.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debuginfo-4.12.14-150000.150.104.1 kernel-default-debugsource-4.12.14-150000.150.104.1 ocfs2-kmp-default-4.12.14-150000.150.104.1 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.104.1 References: https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203987 From sle-updates at lists.suse.com Fri Oct 21 16:27:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 
18:27:18 +0200 (CEST) Subject: SUSE-SU-2022:3691-1: important: Security update for bluez Message-ID: <20221021162718.E96F7FBAE@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3691-1 Rating: important References: #1186463 #1188859 #1192394 #1193227 #1193237 Cross-References: CVE-2019-8921 CVE-2019-8922 CVE-2020-26558 CVE-2021-0129 CVE-2021-3658 CVE-2021-43400 CVSS scores: CVE-2019-8921 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-8921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-3658 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-3658 (SUSE): 4.6 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-43400 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-43400 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. 
Description: This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2019-8922: Fixed heap-based buffer overflow via crafted request (bsc#1193227). - CVE-2020-26558: Fixed vulnerability that may permit a nearby man-in-the-middle attacker to identify the Passkey (bsc#1186463). - CVE-2021-0129: Fixed improper access control (bsc#1186463). - CVE-2021-3658: Fixed adapter incorrectly restoring discoverable state after powered down (bsc#1188859). - CVE-2021-43400: Fixed use-after-free in gatt-database.c (bsc#1192394). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3691=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3691=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3691=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3691=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3691=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3691=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3691=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3691=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3691=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 
libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Manager Proxy 4.1 (x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 - SUSE 
Enterprise Storage 7 (aarch64 x86_64): bluez-5.48-150200.13.17.1 bluez-debuginfo-5.48-150200.13.17.1 bluez-debugsource-5.48-150200.13.17.1 bluez-devel-5.48-150200.13.17.1 libbluetooth3-5.48-150200.13.17.1 libbluetooth3-debuginfo-5.48-150200.13.17.1 References: https://www.suse.com/security/cve/CVE-2019-8921.html https://www.suse.com/security/cve/CVE-2019-8922.html https://www.suse.com/security/cve/CVE-2020-26558.html https://www.suse.com/security/cve/CVE-2021-0129.html https://www.suse.com/security/cve/CVE-2021-3658.html https://www.suse.com/security/cve/CVE-2021-43400.html https://bugzilla.suse.com/1186463 https://bugzilla.suse.com/1188859 https://bugzilla.suse.com/1192394 https://bugzilla.suse.com/1193227 https://bugzilla.suse.com/1193237 From sle-updates at lists.suse.com Fri Oct 21 16:29:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 18:29:11 +0200 (CEST) Subject: SUSE-FU-2022:3689-1: moderate: Feature update for rpm Message-ID: <20221021162911.7718DFBAE@maintenance.suse.de> SUSE Feature Update: Feature update for rpm ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3689-1 Rating: moderate References: SLE-24714 SLE-24715 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 
4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This feature update for rpm provides: - Support Ed25519 RPM signatures (jsc#SLE-24714, jsc#SLE-24715) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3689=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3689=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3689=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3689=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3689=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3689=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3689=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3689=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3689=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-3689=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3689=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch 
SUSE-SLE-Module-Development-Tools-15-SP3-2022-3689=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3689=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3689=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3689=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Manager Server 4.1 (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Manager Proxy 4.1 (x86_64): 
dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL 
(x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.1-150200.22.10.1 
rpm-ndb-debuginfo-4.14.1-150200.22.10.1 rpm-ndb-debugsource-4.14.1-150200.22.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dwz-0.12-150000.3.2.1 dwz-debuginfo-0.12-150000.3.2.1 
dwz-debugsource-0.12-150000.3.2.1 python-rpm-debugsource-4.14.1-150200.22.10.1 python2-rpm-4.14.1-150200.22.10.1 python2-rpm-debuginfo-4.14.1-150200.22.10.1 python3-rpm-4.14.1-150200.22.10.1 python3-rpm-debuginfo-4.14.1-150200.22.10.1 rpm-4.14.1-150200.22.10.1 rpm-build-4.14.1-150200.22.10.1 rpm-build-debuginfo-4.14.1-150200.22.10.1 rpm-debuginfo-4.14.1-150200.22.10.1 rpm-debugsource-4.14.1-150200.22.10.1 rpm-devel-4.14.1-150200.22.10.1 - SUSE Enterprise Storage 7 (x86_64): rpm-32bit-4.14.1-150200.22.10.1 rpm-32bit-debuginfo-4.14.1-150200.22.10.1 References: From sle-updates at lists.suse.com Fri Oct 21 19:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Oct 2022 21:18:37 +0200 (CEST) Subject: SUSE-SU-2022:3692-1: important: Security update for libxml2 Message-ID: <20221021191837.3168FFBAE@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3692-1 Rating: important References: #1204366 #1204367 Cross-References: CVE-2022-40303 CVE-2022-40304 CVSS scores: CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). 
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3692=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3692=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3692=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.14-150400.5.10.1 libxml2-2-debuginfo-2.9.14-150400.5.10.1 libxml2-debugsource-2.9.14-150400.5.10.1 libxml2-devel-2.9.14-150400.5.10.1 libxml2-tools-2.9.14-150400.5.10.1 libxml2-tools-debuginfo-2.9.14-150400.5.10.1 python3-libxml2-2.9.14-150400.5.10.1 python3-libxml2-debuginfo-2.9.14-150400.5.10.1 - openSUSE Leap 15.4 (x86_64): libxml2-2-32bit-2.9.14-150400.5.10.1 libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1 libxml2-devel-32bit-2.9.14-150400.5.10.1 - openSUSE Leap 15.4 (noarch): libxml2-doc-2.9.14-150400.5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.14-150400.5.10.1 libxml2-2-debuginfo-2.9.14-150400.5.10.1 libxml2-debugsource-2.9.14-150400.5.10.1 libxml2-devel-2.9.14-150400.5.10.1 libxml2-tools-2.9.14-150400.5.10.1 libxml2-tools-debuginfo-2.9.14-150400.5.10.1 python3-libxml2-2.9.14-150400.5.10.1 python3-libxml2-debuginfo-2.9.14-150400.5.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libxml2-2-32bit-2.9.14-150400.5.10.1 libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libxml2-2-2.9.14-150400.5.10.1 libxml2-2-debuginfo-2.9.14-150400.5.10.1 libxml2-debugsource-2.9.14-150400.5.10.1 libxml2-python-debugsource-2.9.14-150400.5.10.1 libxml2-tools-2.9.14-150400.5.10.1 
libxml2-tools-debuginfo-2.9.14-150400.5.10.1 python3-libxml2-2.9.14-150400.5.10.1 python3-libxml2-debuginfo-2.9.14-150400.5.10.1 References: https://www.suse.com/security/cve/CVE-2022-40303.html https://www.suse.com/security/cve/CVE-2022-40304.html https://bugzilla.suse.com/1204366 https://bugzilla.suse.com/1204367 From sle-updates at lists.suse.com Sat Oct 22 07:04:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:04:30 +0200 (CEST) Subject: SUSE-IU-2022:1116-1: Security update of suse-sles-15-sp3-chost-byos-v20221019-x86_64-gen2 Message-ID: <20221022070430.32642F78D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221019-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1116-1 Image Tags : suse-sles-15-sp3-chost-byos-v20221019-x86_64-gen2:20221019 Image Release : Severity : critical Type : security References : 1027519 1142847 1150130 1157805 1164550 1164569 1167608 1177179 1181994 1185104 1186272 1188006 1189282 1189802 1195773 1197081 1199079 1199492 1200641 1200762 1200994 1201051 1201394 1201631 1201680 1201783 1201942 1201972 1202624 1202821 1202868 1203018 1203438 1203649 1203806 1203807 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 CVE-2021-28689 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-26365 CVE-2022-31252 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVE-2022-35737 CVE-2022-40674 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20221019-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3327-1 Released: Wed Sep 21 12:47:17 2022 Summary: Security update for oniguruma Type: security Severity: important References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 
Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3591-1 Released: Fri Oct 14 11:38:04 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1186272,1201051 This update for kdump fixes the following issues: - Fix unload issue when secure boot enabled (bsc#1186272) - Fix network-related dracut options handling for fadump case (bsc#1201051) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c
(bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3612-1 Released: Tue Oct 18 12:21:03 2022 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1200641,1200994 This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer. - SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored. - Write services with ssl_verify=no when using connect with insecure - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3665-1 Released: Wed Oct 19 20:29:16 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1167608,1185104,1197081,1200762,1201394,1201631,1203806,1203807,CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33745,CVE-2022-33746,CVE-2022-33748 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). 
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). The following package changes have been done: - SUSEConnect-0.3.36-150300.20.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - kdump-0.9.0-150300.18.15.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libexpat1-2.2.5-150000.3.22.1 updated - libonig4-6.7.0-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - permissions-20181225-150200.23.15.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - runc-1.1.4-150000.33.4 updated - xen-libs-4.14.5_06-150300.3.35.1 updated - zypper-1.14.57-150200.39.1 updated From sle-updates at lists.suse.com Sat Oct 22 07:07:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:07:39 +0200 (CEST) Subject: SUSE-IU-2022:1117-1: Security update of suse-sles-15-sp3-chost-byos-v20221019-hvm-ssd-x86_64 Message-ID: <20221022070739.06E1EF78D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221019-hvm-ssd-x86_64 
----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1117-1 Image Tags : suse-sles-15-sp3-chost-byos-v20221019-hvm-ssd-x86_64:20221019 Image Release : Severity : critical Type : security References : 1027519 1142847 1150130 1157805 1164550 1164569 1167608 1177179 1181994 1185104 1186272 1188006 1189282 1189802 1195773 1197081 1199079 1199492 1200641 1200762 1200994 1201051 1201394 1201631 1201680 1201783 1201942 1201972 1202624 1202821 1202868 1203018 1203438 1203649 1203806 1203807 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 CVE-2021-28689 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-26365 CVE-2022-31252 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVE-2022-35737 CVE-2022-40674 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20221019-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3327-1 Released: Wed Sep 21 12:47:17 2022 Summary: Security update for oniguruma Type: security Severity: important References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805). - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569). - CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550). - CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130). - CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179). - CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root 
Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3435-1 Released: Tue Sep 27 14:55:38 2022 Summary: Recommended update for runc Type: recommended Severity: important References: 1202821 This update for runc fixes the following issues: - Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd. - Fix 'permission denied' error from runc run on noexec fs - Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3591-1 Released: Fri Oct 14 11:38:04 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1186272,1201051 This update for kdump fixes the following issues: - Fix unload issue when secure boot enabled (bsc#1186272) - Fix network-related dracut options handling for fadump case (bsc#1201051)
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3612-1 Released: Tue Oct 18 12:21:03 2022 Summary: Recommended update for SUSEConnect Type: recommended Severity: moderate References: 1200641,1200994 This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer. - SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored. - Write services with ssl_verify=no when using connect with insecure - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3665-1 Released: Wed Oct 19 20:29:16 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1167608,1185104,1197081,1200762,1201394,1201631,1203806,1203807,CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33745,CVE-2022-33746,CVE-2022-33748 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). 
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). The following package changes have been done: - SUSEConnect-0.3.36-150300.20.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-locale-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - kdump-0.9.0-150300.18.15.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libexpat1-2.2.5-150000.3.22.1 updated - libonig4-6.7.0-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - permissions-20181225-150200.23.15.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - runc-1.1.4-150000.33.4 updated - xen-libs-4.14.5_06-150300.3.35.1 updated - xen-tools-domU-4.14.5_06-150300.3.35.1 updated - zypper-1.14.57-150200.39.1 updated From sle-updates at lists.suse.com Sat Oct 22 07:10:09 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Sat, 22 Oct 2022 09:10:09 +0200 (CEST) Subject: SUSE-IU-2022:1118-1: Security update of sles-15-sp3-chost-byos-v20221019-x86-64 Message-ID: <20221022071009.87913F78D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20221019-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1118-1 Image Tags : sles-15-sp3-chost-byos-v20221019-x86-64:20221019 Image Release : Severity : critical Type : security References : 1023051 1027519 1047178 1065729 1142847 1150130 1156395 1157805 1164550 1164569 1167608 1177179 1178134 1179722 1179723 1181475 1181862 1181994 1185104 1185882 1186272 1188006 1189282 1189802 1191036 1191662 1191667 1191881 1192594 1192968 1193081 1194272 1194319 1194535 1194557 1195059 1195391 1195773 1196616 1197081 1197158 1197178 1197755 1197756 1197757 1197760 1197763 1197920 1198341 1198405 1198731 1198752 1198823 1198829 1198830 1198832 1198925 1198971 1199079 1199093 1199140 1199283 1199291 1199364 1199492 1199524 1199647 1199665 1199670 1199895 1200015 1200270 1200431 1200485 1200521 1200570 1200598 1200641 1200644 1200651 1200697 1200698 1200700 1200701 1200732 1200762 1200762 1200800 1200842 1200845 1200868 1200869 1200870 1200871 1200872 1200873 1200884 1200902 1200903 1200904 1200910 1200993 1200994 1201019 1201051 1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151 1201152 1201153 1201154 1201155 1201196 1201206 1201249 1201251 1201356 1201359 1201363 1201381 1201394 1201420 1201429 1201442 1201458 1201511 1201576 1201610 1201620 1201631 1201635 1201636 1201638 1201644 1201645 1201664 1201672 1201673 1201676 1201680 1201705 1201726 1201783 1201846 1201863 1201930 1201940 1201942 1201948 1201954 1201956 1201958 1201972 1202020 1202046 1202049 1202050 1202051 1202096 1202097 1202100 1202101 1202154 1202175 1202310 1202346 1202347 1202393 1202396 1202414 1202420 1202421 1202447 1202511 1202512 1202515 1202552 1202564 1202577 1202593 1202599 
1202624 1202636 1202672 1202687 1202689 1202701 1202708 1202709 1202710 1202711 1202712 1202713 1202714 1202715 1202716 1202717 1202718 1202720 1202722 1202745 1202756 1202810 1202811 1202821 1202826 1202860 1202862 1202868 1202895 1202898 1203018 1203063 1203098 1203107 1203116 1203117 1203135 1203136 1203137 1203438 1203649 1203806 1203807 CVE-2016-3695 CVE-2017-6512 CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159 CVE-2020-27784 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-28689 CVE-2021-28861 CVE-2021-33655 CVE-2021-33656 CVE-2021-36690 CVE-2021-4155 CVE-2021-41819 CVE-2021-4203 CVE-2021-46828 CVE-2022-1116 CVE-2022-1462 CVE-2022-1706 CVE-2022-1720 CVE-2022-1968 CVE-2022-20166 CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-21505 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2318 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-26365 CVE-2022-26365 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905 CVE-2022-2923 CVE-2022-2946 CVE-2022-29581 CVE-2022-2977 CVE-2022-3016 CVE-2022-3028 CVE-2022-31252 CVE-2022-32250 CVE-2022-33740 CVE-2022-33740 CVE-2022-33741 CVE-2022-33741 CVE-2022-33742 CVE-2022-33742 CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVE-2022-35252 CVE-2022-35737 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188 CVE-2022-39190 CVE-2022-40674 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20221019-x86-64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2875-1 Released: Tue Aug 23 13:19:13 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154,CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 

The following security bugs were fixed:

- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed use-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).


The following non-security bugs were fixed:

- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section
  Now that it is upstream..
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF
  This option allows users to access the btf type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2882-1
Released: Wed Aug 24 10:34:31 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1202020,CVE-2022-2509

This update for gnutls fixes the following issues:

- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059

This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842

This update for util-linux fixes the following issues:

- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No code changes were made in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3008-1
Released: Mon Sep 5 04:49:14 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283

This update for rsyslog fixes the following issues:

- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3151-1
Released: Wed Sep 7 12:20:53 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570

This update for open-iscsi fixes the following issues:

- Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570)
- On Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d to vendor-specific /usr/etc/logrotate.d

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795

This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093

This update for sysconfig fixes the following issues:

- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
  With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead of only from NetworkManager, where plugins/services have to deliver their settings to apply them.
- Also support service(network) provides

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. The first reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second, the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511

This update for cups fixes the following issues:

- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406

This update for freetype2 fixes the following issues:

- CVE-2022-27404: Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405: Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406: Fixed a segmentation fault via a crafted typeface (bsc#1198823).

Non-security fixes:

- Updated to version 2.10.4

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3264-1
Released: Wed Sep 14 06:23:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).

The following non-security bugs were fixed:

- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). 
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). 
- NFS: fix nfs_path in case of a rename retry (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). 
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). 
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix bug_on in ext4_writepages (bsc#1200872). 
- ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). 
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kabi/severities: add stmmac driver local sumbols - kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). 
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819

This update for ruby2.5 fixes the following issues:

- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3327-1
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Type: security
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159

This update for oniguruma fixes the following issues:

- CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3388-1
Released: Mon Sep 26 12:51:36 2022
Summary: Recommended update for google-guest-agent, google-guest-oslogin, google-osconfig-agent
Type: recommended
Severity: moderate
References: 1191036,1194319,1195391,1202100,1202101,1202826

This update for google-guest-agent, google-guest-oslogin, google-osconfig-agent fixes the following issues:

- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
- Use pam_moduledir (bsc#1191036)
- Use install command in %post section to create state file (bsc#1202826)
- Avoid bashism in post install scripts (bsc#1195391)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

- Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
- Removed:
  - Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

- Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
- Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

- Added:
  - HARICA Client ECC Root CA 2021
  - HARICA Client RSA Root CA 2021
  - HARICA TLS ECC Root CA 2021
  - HARICA TLS RSA Root CA 2021
  - TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CAs:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3435-1
Released: Tue Sep 27 14:55:38 2022
Summary: Recommended update for runc
Type: recommended
Severity: important
References: 1202821

This update for runc fixes the following issues:

- Fix mounting via wrong proc fd. When the user and mount namespaces are used, and the bind mount is followed by the cgroup mount in the spec, the cgroup was mounted using the bind mount's mount fd.
- Fix 'permission denied' error from runc run on noexec fs
- Fix regression causing a failed 'exec' error after systemctl daemon-reload (bsc#1202821)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3591-1
Released: Fri Oct 14 11:38:04 2022
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1186272,1201051

This update for kdump fixes the following issues:

- Fix unload issue when secure boot enabled (bsc#1186272)
- Fix network-related dracut options handling for fadump case (bsc#1201051)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released: Mon Oct 17 13:13:16 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3612-1
Released: Tue Oct 18 12:21:03 2022
Summary: Recommended update for SUSEConnect
Type: recommended
Severity: moderate
References: 1200641,1200994

This update for SUSEConnect fixes the following issues:

- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3665-1
Released: Wed Oct 19 20:29:16 2022
Summary: Security update for xen
Type: security
Severity: important
References: 1027519,1167608,1185104,1197081,1200762,1201394,1201631,1203806,1203807,CVE-2021-28689,CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33745,CVE-2022-33746,CVE-2022-33748

This update for xen fixes the following issues:

- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).

Bugfixes:

- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
- Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081).
- Included upstream bugfixes (bsc#1027519).

The following package changes have been done:

- SUSEConnect-0.3.36-150300.20.6.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- ca-certificates-mozilla-2.56-150200.24.1 updated
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.66.0-150200.4.39.1 updated
- glibc-locale-base-2.31-150300.41.1 updated
- glibc-locale-2.31-150300.41.1 updated
- glibc-2.31-150300.41.1 updated
- google-guest-agent-20220713.00-150000.1.29.1 updated
- google-guest-oslogin-20220721.00-150000.1.30.1 updated
- google-osconfig-agent-20220801.00-150000.1.22.1 updated
- kdump-0.9.0-150300.18.15.1 updated
- kernel-default-5.3.18-150300.59.93.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libexpat1-2.2.5-150000.3.22.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.6.7-150200.14.19.2 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libonig4-6.7.0-150000.3.3.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.21.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.2-150200.45.1 updated
- open-iscsi-2.1.7-150300.32.21.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150200.4.32.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- runc-1.1.4-150000.33.4 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-246.16-150300.7.51.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- xen-libs-4.14.5_06-150300.3.35.1 updated
- zypper-1.14.57-150200.39.1 updated

From sle-updates at lists.suse.com Sat Oct 22 07:38:35 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:38:35 +0200 (CEST)
Subject: SUSE-CU-2022:2627-1: Security update of suse/sles12sp4
Message-ID: <20221022073835.E7FACF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2627-1
Container Tags : suse/sles12sp4:26.516 , suse/sles12sp4:latest
Container Release : 26.516
Severity : critical
Type : security
References : 1204357 CVE-2022-3515
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3681-1
Released: Fri Oct 21 10:46:51 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

The following package changes have been done:

- base-container-licenses-3.0-1.319 updated
- container-suseconnect-2.0.0-1.205 updated
- libksba8-1.3.0-24.3.1 updated

From sle-updates at lists.suse.com Sat Oct 22 07:45:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:45:56 +0200 (CEST)
Subject: SUSE-CU-2022:2628-1: Security update of suse/sles12sp5
Message-ID: <20221022074556.0B344F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2628-1
Container Tags : suse/sles12sp5:6.5.388 , suse/sles12sp5:latest
Container Release : 6.5.388
Severity : critical
Type : security
References : 1204357 CVE-2022-3515
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3681-1 Released: Fri Oct 21 10:46:51 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). The following package changes have been done: - libksba8-1.3.0-24.3.1 updated From sle-updates at lists.suse.com Sat Oct 22 07:47:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:47:34 +0200 (CEST) Subject: SUSE-CU-2022:2629-1: Security update of bci/dotnet-aspnet Message-ID: <20221022074734.4C2A9F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2629-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.7 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.7 Container Release : 42.7 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sat Oct 22 07:48:40 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:48:40 +0200 (CEST)
Subject: SUSE-CU-2022:2630-1: Security update of bci/dotnet-aspnet
Message-ID: <20221022074840.3FD98F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2630-1
Container Tags : bci/dotnet-aspnet:5.0 ,
bci/dotnet-aspnet:5.0-27.22 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.22
Container Release : 27.22
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sat Oct 22 07:49:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:49:52 +0200 (CEST)
Subject: SUSE-CU-2022:2631-1: Security update of bci/dotnet-aspnet
Message-ID: <20221022074952.12AE1F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2631-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.22 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.22
Container Release : 22.22
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sat Oct 22 07:51:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:51:11 +0200 (CEST)
Subject: SUSE-CU-2022:2632-1: Security update of bci/dotnet-sdk
Message-ID: <20221022075111.D7AD3F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2632-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.22 ,
bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.22
Container Release : 24.22
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sat Oct 22 07:52:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 09:52:31 +0200 (CEST)
Subject: SUSE-CU-2022:2633-1: Security update of bci/dotnet-runtime
Message-ID: <20221022075231.5F026F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2633-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.6 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.6
Container Release : 48.6
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - 
libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Sat Oct 22 07:53:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:53:39 +0200 (CEST) Subject: SUSE-CU-2022:2634-1: Security update of bci/dotnet-runtime Message-ID: <20221022075339.E51D3F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2634-1 Container Tags : bci/dotnet-runtime:5.0 , 
bci/dotnet-runtime:5.0-34.22 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.22 Container Release : 34.22 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 
added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - 
shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Sat Oct 22 07:54:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:54:47 +0200 (CEST) Subject: SUSE-CU-2022:2635-1: Security update of bci/dotnet-runtime Message-ID: <20221022075447.764ACF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2635-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.22 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.22 Container Release : 21.22 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - 
libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Sat Oct 22 07:55:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Oct 2022 09:55:56 +0200 (CEST) Subject: SUSE-CU-2022:2636-1: Security update of suse/sle15 Message-ID: <20221022075556.A77FCF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2636-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.5 , 
suse/sle15:15.4 , suse/sle15:15.4.27.14.5
Container Release : 27.14.5
Severity : critical
Type : security
References : 1204357 1204366 1204367 CVE-2022-3515 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- libksba8-1.3.5-150000.4.3.1 updated
- libxml2-2-2.9.14-150400.5.10.1 updated

From sle-updates at lists.suse.com Sat Oct 22 13:19:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Oct 2022 15:19:13 +0200 (CEST)
Subject: SUSE-SU-2022:3693-1: important: Security update for the Linux Kernel
Message-ID: <20221022131913.388C1FBAE@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3693-1
Rating: important
References: #1199564 #1200288 #1201309 #1202677 #1202960 #1203552 #1203769 #1203987 PED-529
Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41848
CVSS scores:
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High
Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________

An update that solves 7 vulnerabilities, contains one feature and has one errata is now available.

Description:

The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-20008: Fixed local information disclosure due to the possibility to read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677).
- CVE-2022-32296: Fixed a vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bnc#1203987).

The following non-security bugs were fixed: - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - mkspec: eliminate @NOSOURCE@ macro This should be always used with @SOURCES@, just include the content there. - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3693=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3693=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3693=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3693=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3693=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3693=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. 
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3693=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3693=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3693=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3693=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-4.12.14-150100.197.126.1 kernel-vanilla-base-4.12.14-150100.197.126.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-debugsource-4.12.14-150100.197.126.1 kernel-vanilla-devel-4.12.14-150100.197.126.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.126.1 kernel-debug-base-debuginfo-4.12.14-150100.197.126.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.126.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.126.1 kernel-zfcpdump-man-4.12.14-150100.197.126.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-4.12.14-150100.197.126.1 kernel-vanilla-base-4.12.14-150100.197.126.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-debugsource-4.12.14-150100.197.126.1 kernel-vanilla-devel-4.12.14-150100.197.126.1 
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.126.1 kernel-debug-base-debuginfo-4.12.14-150100.197.126.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.126.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.126.1 kernel-zfcpdump-man-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 reiserfs-kmp-default-4.12.14-150100.197.126.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 reiserfs-kmp-default-4.12.14-150100.197.126.1 
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.126.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.126.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 reiserfs-kmp-default-4.12.14-150100.197.126.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-livepatch-4.12.14-150100.197.126.1 kernel-default-livepatch-devel-4.12.14-150100.197.126.1 kernel-livepatch-4_12_14-150100_197_126-default-1-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 
kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.126.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.126.1 dlm-kmp-default-4.12.14-150100.197.126.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.126.1 gfs2-kmp-default-4.12.14-150100.197.126.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 ocfs2-kmp-default-4.12.14-150100.197.126.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 
kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 reiserfs-kmp-default-4.12.14-150100.197.126.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.126.1 kernel-docs-4.12.14-150100.197.126.1 kernel-macros-4.12.14-150100.197.126.1 kernel-source-4.12.14-150100.197.126.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.126.1 kernel-default-base-4.12.14-150100.197.126.1 kernel-default-base-debuginfo-4.12.14-150100.197.126.1 kernel-default-debuginfo-4.12.14-150100.197.126.1 kernel-default-debugsource-4.12.14-150100.197.126.1 kernel-default-devel-4.12.14-150100.197.126.1 kernel-default-devel-debuginfo-4.12.14-150100.197.126.1 kernel-obs-build-4.12.14-150100.197.126.1 kernel-obs-build-debugsource-4.12.14-150100.197.126.1 kernel-syms-4.12.14-150100.197.126.1 reiserfs-kmp-default-4.12.14-150100.197.126.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1 References: https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1201309 
https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203987 From sle-updates at lists.suse.com Sun Oct 23 07:43:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 09:43:17 +0200 (CEST) Subject: SUSE-CU-2022:2639-1: Security update of suse/sle15 Message-ID: <20221023074317.D1648F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2639-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.628 Container Release : 4.22.628 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated From sle-updates at lists.suse.com Sun Oct 23 08:02:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:02:58 +0200 (CEST) Subject: SUSE-CU-2022:2640-1: Security update of suse/sle15 Message-ID: <20221023080258.85CD2F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2640-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.690 Container Release : 6.2.690 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated From sle-updates at lists.suse.com Sun Oct 23 08:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:18:07 +0200 (CEST) Subject: SUSE-CU-2022:2641-1: Security update of suse/sle15 Message-ID: <20221023081807.76B85F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2641-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.210 Container Release : 9.5.210 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3689-1 Released: Fri Oct 21 14:19:56 2022 Summary: Feature update for rpm Type: feature Severity: moderate References: This feature update for rpm provides: - Support Ed25519 RPM signatures (jsc#SLE-24714, jsc#SLE-24715) The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated - rpm-4.14.1-150200.22.10.1 updated From sle-updates at lists.suse.com Sun Oct 23 08:23:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:23:22 +0200 (CEST) Subject: SUSE-CU-2022:2642-1: Security update of bci/nodejs Message-ID: <20221023082322.A0596F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2642-1 Container Tags : bci/node:12 , bci/node:12-17.17 , bci/nodejs:12 , bci/nodejs:12-17.17 Container Release : 17.17 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Sun Oct 23 08:28:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:28:45 +0200 (CEST) Subject: SUSE-CU-2022:2643-1: Security update of bci/python Message-ID: <20221023082845.AFBB8F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2643-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-19.15 Container Release : 19.15 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Sun Oct 23 08:37:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:37:52 +0200 (CEST) Subject: SUSE-CU-2022:2644-1: Security update of suse/sle15 Message-ID: <20221023083752.07C68F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2644-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.52 , suse/sle15:15.3 , suse/sle15:15.3.17.20.52 Container Release : 17.20.52 Severity : critical Type : security References : 1204357 CVE-2022-3515 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - libksba8-1.3.5-150000.4.3.1 updated From sle-updates at lists.suse.com Sun Oct 23 08:39:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:39:06 +0200 (CEST) Subject: SUSE-CU-2022:2645-1: Security update of suse/389-ds Message-ID: <20221023083906.1F5D3F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2645-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.16 , suse/389-ds:latest Container Release : 17.16 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1201942 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - 
libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - openssl-1_1-1.1.1l-150400.7.10.5 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Sun Oct 23 08:40:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:40:32 +0200 (CEST) Subject: SUSE-CU-2022:2646-1: Security update of bci/dotnet-sdk Message-ID: <20221023084032.A3F19F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2646-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.6 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.6 Container Release : 47.6 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:41:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:41:43 +0200 (CEST)
Subject: SUSE-CU-2022:2647-1: Security update of bci/dotnet-sdk
Message-ID: <20221023084143.7E9ACF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2647-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.22 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.22
Container Release : 35.22
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:43:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:43:48 +0200 (CEST)
Subject: SUSE-CU-2022:2648-1: Security update of bci/golang
Message-ID: <20221023084348.8754FFBAE@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2648-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.61
Container Release : 30.61
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libudev1-249.12-150400.8.10.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:45:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:45:58 +0200 (CEST)
Subject: SUSE-CU-2022:2649-1: Security update of bci/golang
Message-ID: <20221023084558.4B2B8FBAE@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2649-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.61
Container Release : 29.61
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- file-magic-5.32-7.14.1 added
- system-user-root-20190513-3.3.1 added
- filesystem-15.0-11.8.1 added
- cracklib-dict-small-2.9.7-11.6.1 added
- libldap-data-2.4.46-150200.14.11.2 added
- libtirpc-netconfig-1.2.6-150300.3.14.1 added
- glibc-2.31-150300.41.1 added
- libsasl2-3-2.1.27-150300.4.6.1 added
- libcrypt1-4.4.15-150300.4.4.3 added
- perl-base-5.26.1-150300.17.11.1 added
- libssh-config-0.9.6-150400.1.5 added
- libzstd1-1.5.0-150400.1.71 added
- libsepol1-3.1-150400.1.70 added
- liblz4-1-1.9.3-150400.1.7 added
- libgpg-error0-1.42-150400.1.101 added
- libeconf0-0.4.4+git20220104.962774f-150400.1.38 added
- libcap2-2.63-150400.1.7 added
- libbz2-1-1.0.8-150400.1.122 added
- libaudit1-3.0.6-150400.2.13 added
- libnghttp2-14-1.40.0-6.1 added
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libuuid1-2.37.2-150400.8.3.1 added
- libudev1-249.12-150400.8.10.1 added
- libsmartcols1-2.37.2-150400.8.3.1 added
- libcom_err2-1.46.4-150400.3.3.1 added
- libblkid1-2.37.2-150400.8.3.1 added
- libgcrypt20-1.9.4-150400.6.5.1 added
- libgcrypt20-hmac-1.9.4-150400.6.5.1 added
- libfdisk1-2.37.2-150400.8.3.1 added
- libcap-ng0-0.7.9-4.37 added
- libunistring2-0.9.10-1.1 added
- libz1-1.2.11-150000.3.33.1 added
- libpcre1-8.45-150000.20.13.1 added
- liblzma5-5.2.3-150000.4.7.1 added
- liblua5_3-5-5.3.6-3.6.1 added
- libkeyutils1-1.6.3-5.6.1 added
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgmp10-6.1.2-4.9.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 added
- libidn2-0-2.2.0-3.6.1 added
- libmagic1-5.32-7.14.1 added
- libstdc++6-11.3.0+git1637-150000.1.11.2 added
- libpsl5-0.20.1-150000.3.3.1 added
- libncurses6-6.1-150000.5.12.1 added
- terminfo-base-6.1-150000.5.12.1 added
- ncurses-utils-6.1-150000.5.12.1 added
- libverto1-0.2.6-3.20 added
- libpopt0-1.16-3.22 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libzio1-1.06-2.20 added
- libselinux1-3.1-150400.1.69 added
- libreadline7-7.0-150400.25.22 added
- libsemanage1-3.1-150400.1.65 added
- bash-4.4-150400.25.22 added
- bash-sh-4.4-150400.25.22 added
- login_defs-4.8.1-150400.8.57 added
- cpio-2.13-150400.1.98 added
- libelf1-0.185-150400.5.3.1 added
- libxml2-2-2.9.14-150400.5.10.1 added
- libsystemd0-249.12-150400.8.10.1 added
- libopenssl1_1-1.1.1l-150400.7.10.5 added
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added
- libmount1-2.37.2-150400.8.3.1 added
- libdw1-0.185-150400.5.3.1 added
- libcrack2-2.9.7-11.6.1 added
- cracklib-2.9.7-11.6.1 added
- libldap-2_4-2-2.4.46-150200.14.11.2 added
- libacl1-2.2.52-4.3.1 added
- findutils-4.8.0-1.20 added
- info-6.5-4.17 added
- patterns-base-fips-20200124-150400.18.4 added
- krb5-1.19.2-150400.1.9 added
- coreutils-8.32-150400.7.5 added
- libssh4-0.9.6-150400.1.5 added
- sles-release-15.4-150400.55.1 added
- sed-4.4-11.6 added
- grep-3.1-150000.4.6.1 added
- diffutils-3.6-4.3.1 added
- libtirpc3-1.2.6-150300.3.14.1 added
- libcurl4-7.79.1-150400.5.6.1 added
- rpm-config-SUSE-1-150400.14.3.1 added
- permissions-20201225-150400.5.11.1 added
- libnsl2-1.2.0-2.44 added
- rpm-ndb-4.14.3-150300.49.1 added
- pam-1.3.0-150000.6.58.3 added
- shadow-4.8.1-150400.8.57 added
- sysuser-shadow-3.1-150400.1.35 added
- system-group-hardware-20170617-150400.22.33 added
- libutempter0-1.1.6-3.42 added
- util-linux-2.37.2-150400.8.3.1 added
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added
- timezone-2022a-150000.75.10.1 added
- container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:47:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:47:38 +0200 (CEST)
Subject: SUSE-CU-2022:2650-1: Security update of suse/pcp
Message-ID: <20221023084738.D8BD3FBAE@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2650-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.24 , suse/pcp:latest
Container Release : 11.24
Severity : critical
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1198523 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1203438 1204366 1204367 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3521-1
Released: Tue Oct 4 14:18:56 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: critical
References: 1198523

This update for lvm2 fixes the following issues:

- Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - 
libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - netcfg-11.6-3.3.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - libp11-kit0-0.23.22-150400.1.10 added - gzip-1.10-150200.10.1 added - kbd-legacy-2.4.0-150400.3.5 added - libapparmor1-3.0.4-150400.3.3 added - libargon2-1-0.0+git20171227.670229c-2.14 added - libdbus-1-3-1.12.2-150400.16.52 added - libdevmapper1_03-1.02.163-150400.178.1 added - libexpat1-2.4.4-150400.3.9.1 added - libip4tc2-1.8.7-1.1 added - libjson-c3-0.13-3.3.1 added - libkmod2-29-4.15.1 added - libseccomp2-2.5.3-150400.2.4 
added - pam-config-1.1-3.3.1 added - pkg-config-0.29.2-1.436 added - systemd-default-settings-branding-SLE-0.7-3.2.1 added - systemd-default-settings-0.7-3.2.1 added - systemd-presets-common-SUSE-15-150100.8.17.1 added - update-alternatives-1.19.0.4-4.3.1 added - kbd-2.4.0-150400.3.5 added - libcryptsetup12-2.4.3-150400.1.110 added - libcryptsetup12-hmac-2.4.3-150400.1.110 added - systemd-presets-branding-SLE-15.1-150100.20.11.1 added - dbus-1-1.12.2-150400.16.52 added - systemd-249.12-150400.8.10.1 added - container:bci-bci-init-15.4-15.4-24.6 updated

From sle-updates at lists.suse.com Sun Oct 23 08:48:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:48:57 +0200 (CEST)
Subject: SUSE-CU-2022:2651-1: Security update of bci/rust
Message-ID: <20221023084857.9CA9FFBAE@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2651-1
Container Tags : bci/rust:1.59 , bci/rust:1.59-9.71
Container Release : 9.71
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - 
libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:50:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:50:13 +0200 (CEST)
Subject: SUSE-CU-2022:2652-1: Security update of bci/rust
Message-ID: <20221023085013.A705AF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2652-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-6.11
Container Release : 6.11
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1
added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - 
shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:51:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:51:20 +0200 (CEST)
Subject: SUSE-CU-2022:2653-1: Security update of bci/rust
Message-ID: <20221023085120.5C138F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2653-1
Container Tags : bci/rust:1.61 , bci/rust:1.61-7.11
Container Release : 7.11
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - 
libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated

From sle-updates at lists.suse.com Sun Oct 23 08:52:15 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Oct 2022 10:52:15 +0200 (CEST)
Subject: SUSE-CU-2022:2654-1: Security update of bci/rust
Message-ID: <20221023085215.036BFF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2654-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-3.11 , bci/rust:latest
Container Release : 3.11
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 
added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - 
shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Sun Oct 23 08:52:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Oct 2022 10:52:29 +0200 (CEST) Subject: SUSE-CU-2022:2655-1: Security update of bci/rust Message-ID: <20221023085229.A9761F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2655-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.4 , bci/rust:latest Container Release : 3.4 Severity : important Type : security References : 1029961 1040589 1040589 1047178 1047218 1071321 1073299 1078466 1093392 1096974 1096984 1103320 1103320 1104700 1110304 1110700 1112310 1113013 1113554 1115640 1115929 1120402 1121365 1123043 1126117 1126118 1126119 1129576 1130557 1134524 1135709 1136717 1137373 1137624 1138793 1140016 1141059 1146705 1150451 1152692 1154036 1154037 1154661 1154884 1154887 1155271 1155327 1156913 1164562 1166260 1166510 1166510 1166881 1168345 1169512 1169582 1172055 1172396 1172442 1172973 1172974 1174551 1174593 1174736 1175448 1175449 1175519 1175811 1175825 1175830 1175831 1176123 1176201 1177460 1177460 1177460 1177460 1177460 1177460 1177858 1178346 1178350 1178353 1178727 1178775 1179416 1180020 1180083 1180125 1180138 1180596 1180603 1180603 1180995 1181011 1181358 1181443 1181658 1181805 1181831 1182604 1182983 1183094 1183543 1183545 1183659 1184358 1185299 1185540 1185562 1185637 1186049 1186642 1187654 1187670 1188127 1188548 1189996 1190052 1190447 1190651 1190653 1190700 1190793 1190824 1190888 1191020 1191157 1191736 1191987 1192688 1192717 1193282 1193489 1193711 
1193859 1194265 1194265 1194708 1194968 1195059 1195157 1196036 1196093 1196275 1196406 1196490 1196647 1197004 1197024 1197178 1197459 1197570 1197771 1197794 1198062 1198176 1198341 1198446 1198471 1198472 1198627 1198720 1198731 1198732 1198752 1199132 1199166 1199232 1199240 1199492 1200170 1200550 1200734 1200735 1200736 1200737 1200747 1200800 1201099 1201276 1201293 1201385 1201680 1201795 1202117 1202148 1202175 1202310 1202593 1202870 1203018 1203046 1203069 1204366 1204367 953659 CVE-2017-6512 CVE-2018-10360 CVE-2018-17953 CVE-2018-19211 CVE-2018-25032 CVE-2019-12290 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-20838 CVE-2019-5021 CVE-2019-6706 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2020-11080 CVE-2020-11501 CVE-2020-14155 CVE-2020-24370 CVE-2020-24371 CVE-2020-8927 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2021-39537 CVE-2021-43618 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-24407 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 SLE-5807 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. 
Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1999-1 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1071321 This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2569-1 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1110700 This update for pam fixes the following issues: - Remove 
limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2825-1 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Type: security Severity: important References: 1115640,CVE-2018-17953 This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2861-1 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Type: security Severity: important References: 1103320,1115929,CVE-2018-19211 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove screen.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:44-1 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Type: recommended Severity: low References: 953659 This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:247-1 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Type: security Severity: moderate References: 1123043,CVE-2019-6706 This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:571-1 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Type: security Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. 
c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1002-1 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1110304,1129576 This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1631-1 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Type: recommended Severity: low References: 1135709 This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). 
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. 
(bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. 
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of the user's name of at least `` characters length in some form.
This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:786-1
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1176201

This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:924-1
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2.
  (bsc#1180083)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:930-1
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1172442,1181358,CVE-2020-11080

This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562

This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1937-1
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Type: recommended
Severity: moderate
References: 1186642

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2173-1
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Type: recommended
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049

This update for automake fixes the following issues:

- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs.
  (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2196-1
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Type: security
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371

This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2682-1
Released: Thu Aug 12 20:06:19 2021
Summary: Security update for rpm
Type: security
Severity: important
References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

- Changed default package verification level to 'none' to be compatible with rpm-4.14.1
- Made illegal obsoletes a warning
- Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
- Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
- Added :humansi and :humaniec query formatters for human readable output
- Added query selectors for whatobsoletes and whatconflicts
- Added support for sorting caret higher than base version
- rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)
- CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)
- CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Type: recommended
Severity: moderate
References: 1189996

This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released: Fri Oct 15 09:03:39 2021
Summary: Security update for rpm
Type: security
Severity: important
References: 1183659,1185299,1187670,1188548

This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintenance issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd.
  (bsc#1190052)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file being installed as 'macros.pam'. (bsc#1191987)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released: Thu Dec 2 07:25:55 2021
Summary: Recommended update for cracklib
Type: recommended
Severity: moderate
References: 1191736

This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927

This update for brotli fixes the following issues:

- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released: Tue Jan 18 05:14:44 2022
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1180125,1190824,1193711

This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:383-1
Released: Tue Feb 15 17:47:36 2022
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1194265

This update for cyrus-sasl fixes the following issues:

- Fixed an issue when in postfix 'sasl' authentication with password fails.
  (bsc#1194265)
- Add config parameter '--with-dblib=gdbm'
- Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released: Fri Feb 18 12:45:19 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References: 1194968

This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:692-1
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Type: recommended
Severity: moderate
References: 1190447

This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:743-1
Released: Mon Mar 7 22:08:12 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1194265,1196036,CVE-2022-24407

This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

The following non-security bugs were fixed:

- postfix: sasl authentication with password fails (bsc#1194265).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1196275,1196406

This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647

This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004

This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.
  (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution.
  (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176

This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385

This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion.
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 
added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - 
shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Mon Oct 24 01:18:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 03:18:39 +0200 (CEST) Subject: SUSE-RU-2022:3694-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20221024011839.D44A6FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3694-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 
______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: Lifecycle data update. (bsc#1020320) - Added data for 4_12_14-150000_150_95, 4_12_14-150000_150_98, 4_12_14-150100_197_117, 4_12_14-150100_197_120, 5_14_21-150400_24_11, 5_14_21-150400_24_18, 5_3_18-150200_24_120, 5_3_18-150200_24_126, 5_3_18-150300_59_81, 5_3_18-150300_59_87, 5_3_18-150300_59_90. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3694=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 
References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Mon Oct 24 01:19:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 03:19:27 +0200 (CEST) Subject: SUSE-RU-2022:3694-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20221024011927.3AEC1FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3694-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: Lifecycle data update. 
(bsc#1020320) - Added data for 4_12_14-150000_150_95, 4_12_14-150000_150_98, 4_12_14-150100_197_117, 4_12_14-150100_197_120, 5_14_21-150400_24_11, 5_14_21-150400_24_18, 5_3_18-150200_24_120, 5_3_18-150200_24_126, 5_3_18-150300_59_81, 5_3_18-150300_59_87, 5_3_18-150300_59_90. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3694=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3694=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3694=1 Package List: - openSUSE Leap 15.4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - openSUSE Leap 15.3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.81.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): 
lifecycle-data-sle-module-live-patching-15-150000.4.81.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Mon Oct 24 10:19:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 12:19:11 +0200 (CEST) Subject: SUSE-RU-2022:3696-1: moderate: Recommended update for drbd-utils Message-ID: <20221024101911.081B0FBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3696-1 Rating: moderate References: #1184122 #1190591 #1203220 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for drbd-utils fixes the following issues: - Restore drbd scripts directory to /usr/lib/drbd from /lib/drbd (bsc#1203220) - Fix missing path /usr/var/run/drbd (bsc#1190591) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3696=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3696=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3696=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3696=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.3.1 drbd-utils-debuginfo-9.19.0-150400.3.3.1 drbd-utils-debugsource-9.19.0-150400.3.3.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.3.1 drbd-utils-debuginfo-9.19.0-150400.3.3.1 drbd-utils-debugsource-9.19.0-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): drbd-utils-9.19.0-150400.3.3.1 drbd-utils-debuginfo-9.19.0-150400.3.3.1 drbd-utils-debugsource-9.19.0-150400.3.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.3.1 drbd-utils-debuginfo-9.19.0-150400.3.3.1 drbd-utils-debugsource-9.19.0-150400.3.3.1 References: https://bugzilla.suse.com/1184122 https://bugzilla.suse.com/1190591 https://bugzilla.suse.com/1203220 From sle-updates at lists.suse.com Mon Oct 24 10:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 12:20:01 +0200 (CEST) Subject: SUSE-RU-2022:3695-1: moderate: Recommended update for pacemaker Message-ID: <20221024102001.93F4FFBAE@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3695-1 Rating: moderate References: #1093168 #1129707 #1191676 #1196340 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux 
Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707) - attrd: check election status upon loss of a voter to prevent unexpected pending (bsc#1191676) - cts-scheduler: fix on_node attribute of lrm_rsc_op entries in the tests (bsc#1196340) - scheduler: compare ids of lrm_rsc_op entries case-sensitively (bsc#1196340) - scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340) - scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340) - scheduler: find_lrm_op() to be able to check against a specified target_rc (bsc#1196340) - scheduler: functionize comparing which lrm_rsc_op is newer (bsc#1196340) - scheduler: is_newer_op() to be able to compare lrm_rsc_op entries from different nodes (bsc#1196340) - spec: do not touch active service on uninstallation (bsc#1093168) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3695=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-150000.3.36.2 libpacemaker3-1.1.18+20180430.b12c320f5-150000.3.36.2 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-cli-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-debugsource-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-remote-1.1.18+20180430.b12c320f5-150000.3.36.2 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-150000.3.36.2 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-150000.3.36.2 References: https://bugzilla.suse.com/1093168 https://bugzilla.suse.com/1129707 https://bugzilla.suse.com/1191676 https://bugzilla.suse.com/1196340 From sle-updates at lists.suse.com Mon Oct 24 13:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 15:19:15 +0200 (CEST) Subject: SUSE-SU-2022:3698-1: important: Security update for MozillaFirefox Message-ID: <20221024131915.52AD4FBAE@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3698-1 Rating: important References: #1204421 Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVSS scores: CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42932 (SUSE): 6.1 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Updated to version 102.4.0 ESR (bsc#1204421) - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory corruption in JS Engine. - CVE-2022-42929: Fixed denial of service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3698=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3698=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3698=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3698=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3698=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3698=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3698=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3698=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3698=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3698=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 
MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 MozillaFirefox-translations-other-102.4.0-150000.150.62.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-102.4.0-150000.150.62.1 MozillaFirefox-debuginfo-102.4.0-150000.150.62.1 MozillaFirefox-debugsource-102.4.0-150000.150.62.1 MozillaFirefox-devel-102.4.0-150000.150.62.1 MozillaFirefox-translations-common-102.4.0-150000.150.62.1 
MozillaFirefox-translations-other-102.4.0-150000.150.62.1 References: https://www.suse.com/security/cve/CVE-2022-42927.html https://www.suse.com/security/cve/CVE-2022-42928.html https://www.suse.com/security/cve/CVE-2022-42929.html https://www.suse.com/security/cve/CVE-2022-42932.html https://bugzilla.suse.com/1204421 From sle-updates at lists.suse.com Mon Oct 24 16:20:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 18:20:32 +0200 (CEST) Subject: SUSE-SU-2022:3704-1: important: Security update for the Linux Kernel Message-ID: <20221024162032.ABA24FBAE@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3704-1 Rating: important References: #1177471 #1199564 #1200288 #1201309 #1201310 #1202095 #1202385 #1202677 #1202960 #1203552 #1203622 #1203769 #1203770 #1203987 #1203992 #1204051 #1204059 #1204060 PED-529 Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVSS scores: CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 
______________________________________________________________________________

An update that solves 15 vulnerabilities, contains one feature and has three fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)
- CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead a local user to be able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-42719: Fixed remote code execution with wlan frames when parsing a multi-BSSID element (bsc#1204051).
- CVE-2022-42720: Fixed remote code execution due to refcounting bugs (bsc#1204059).
- CVE-2022-42721: Fixed remote code execution due to list corruption in the wlan stack (bsc#1204060).

The following non-security bugs were fixed:

- net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3704=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3704=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3704=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3704=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3704=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3704=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3704=1
  Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3704=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3704=1
- SUSE Linux Enterprise High Availability 15-SP2:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3704=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-3704=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  kernel-default-5.3.18-150200.24.134.1
  kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2
  kernel-default-debuginfo-5.3.18-150200.24.134.1
  kernel-default-debugsource-5.3.18-150200.24.134.1
  kernel-default-devel-5.3.18-150200.24.134.1
  kernel-default-devel-debuginfo-5.3.18-150200.24.134.1
  kernel-obs-build-5.3.18-150200.24.134.1
  kernel-obs-build-debugsource-5.3.18-150200.24.134.1
  kernel-syms-5.3.18-150200.24.134.1
  reiserfs-kmp-default-5.3.18-150200.24.134.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 reiserfs-kmp-default-5.3.18-150200.24.134.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 
kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 reiserfs-kmp-default-5.3.18-150200.24.134.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 reiserfs-kmp-default-5.3.18-150200.24.134.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 
kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 reiserfs-kmp-default-5.3.18-150200.24.134.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-livepatch-5.3.18-150200.24.134.1 kernel-default-livepatch-devel-5.3.18-150200.24.134.1 kernel-livepatch-5_3_18-150200_24_134-default-1-150200.5.3.2 kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-1-150200.5.3.2 
kernel-livepatch-SLE15-SP2_Update_31-debugsource-1-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 - SUSE Linux Enterprise High 
Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.134.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.134.1 dlm-kmp-default-5.3.18-150200.24.134.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.134.1 gfs2-kmp-default-5.3.18-150200.24.134.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 ocfs2-kmp-default-5.3.18-150200.24.134.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.134.1 kernel-default-base-5.3.18-150200.24.134.1.150200.9.63.2 kernel-default-debuginfo-5.3.18-150200.24.134.1 kernel-default-debugsource-5.3.18-150200.24.134.1 kernel-default-devel-5.3.18-150200.24.134.1 kernel-default-devel-debuginfo-5.3.18-150200.24.134.1 kernel-obs-build-5.3.18-150200.24.134.1 kernel-obs-build-debugsource-5.3.18-150200.24.134.1 kernel-preempt-5.3.18-150200.24.134.1 kernel-preempt-debuginfo-5.3.18-150200.24.134.1 kernel-preempt-debugsource-5.3.18-150200.24.134.1 kernel-preempt-devel-5.3.18-150200.24.134.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.134.1 kernel-syms-5.3.18-150200.24.134.1 reiserfs-kmp-default-5.3.18-150200.24.134.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.134.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.134.1 kernel-docs-5.3.18-150200.24.134.1 kernel-macros-5.3.18-150200.24.134.1 kernel-source-5.3.18-150200.24.134.1 References: https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41222.html 
https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203622 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 From sle-updates at lists.suse.com Mon Oct 24 16:23:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 18:23:08 +0200 (CEST) Subject: SUSE-SU-2022:3706-1: moderate: Security update for google-gson Message-ID: <20221024162308.57CC7FBAE@maintenance.suse.de> SUSE Security Update: Security update for google-gson ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3706-1 Rating: moderate References: #1199064 SLE-24261 Cross-References: CVE-2022-25647 CVSS scores: CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. 
Description:

This update for google-gson fixes the following issues:

Fixed security issue:

- CVE-2022-25647: Deserialization of Untrusted Data (bsc#1199064)

Other non security fixes:

- Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built with release 8 and still compatible with Java 8
- Upgrade to version 2.8.9 (jsc#SLE-24261)
  * Make OSGi bundle's dependency on sun.misc optional.
  * Deprecate Gson.excluder() exposing internal Excluder class.
  * Prevent Java deserialization of internal classes.
  * Improve number strategy implementation.
  * Fix LongSerializationPolicy null handling being inconsistent with Gson.
  * Support arbitrary Number implementation for Object and Number deserialization.
  * Bump proguard-maven-plugin from 2.4.0 to 2.5.1.
  * Don't exclude static local classes.
  * Fix RuntimeTypeAdapterFactory depending on internal Streams class.
  * Improve Maven build.
  * Make dependency on java.sql optional.
  * Fixed issue with recursive types.
  * Better behavior with Java 9+ and Unsafe if there is a security manager.
  * EnumTypeAdapter now works better when ProGuard has obfuscated enum fields.
  * make import of sun.misc optional since not all versions of jdk export it

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3706=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): google-gson-2.8.9-150200.3.7.1 References: https://www.suse.com/security/cve/CVE-2022-25647.html https://bugzilla.suse.com/1199064 From sle-updates at lists.suse.com Mon Oct 24 16:23:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 18:23:46 +0200 (CEST) Subject: SUSE-SU-2022:3701-1: moderate: Security update for python-Mako Message-ID: <20221024162346.09CC6FBAE@maintenance.suse.de> SUSE Security Update: Security update for python-Mako ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3701-1 Rating: moderate References: #1203246 Cross-References: CVE-2022-40023 CVSS scores: CVE-2022-40023 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40023 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3701=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3701=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-3701=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): python-Mako-1.0.7-3.3.1 - SUSE OpenStack Cloud 8 (noarch): python-Mako-1.0.7-3.3.1 - HPE Helion Openstack 8 (noarch): python-Mako-1.0.7-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-40023.html https://bugzilla.suse.com/1203246 From sle-updates at lists.suse.com Mon Oct 24 16:24:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 18:24:24 +0200 (CEST) Subject: SUSE-SU-2022:3705-1: important: Security update for postgresql-jdbc Message-ID: <20221024162424.6FAEDFBAE@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3705-1 Rating: important References: #1202170 Cross-References: CVE-2022-31197 CVSS scores: CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3705=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): postgresql-jdbc-42.2.10-150200.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-31197.html https://bugzilla.suse.com/1202170 From sle-updates at lists.suse.com Mon Oct 24 16:25:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 18:25:31 +0200 (CEST) Subject: SUSE-SU-2022:3700-1: moderate: Security update for python-Mako Message-ID: <20221024162531.2DA27FBAE@maintenance.suse.de> SUSE Security Update: Security update for python-Mako ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3700-1 Rating: moderate References: #1203246 Cross-References: CVE-2022-40023 CVSS scores: CVE-2022-40023 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40023 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Mako fixes the following issues: - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3700=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3700=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Mako-1.0.7-4.3.1 - SUSE OpenStack Cloud 9 (noarch): python-Mako-1.0.7-4.3.1 References: https://www.suse.com/security/cve/CVE-2022-40023.html https://bugzilla.suse.com/1203246 From sle-updates at lists.suse.com Mon Oct 24 19:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 21:19:17 +0200 (CEST) Subject: SUSE-SU-2022:3712-1: important: Security update for multipath-tools Message-ID: <20221024191917.52E0DFBAE@maintenance.suse.de> SUSE Security Update: Security update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3712-1 Rating: important References: #1202616 #1202739 #1204325 Cross-References: CVE-2022-41974 CVSS scores: CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3712=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3712=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3712=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3712=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1 kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1 kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1 kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1 kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1 libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1 multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1 
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1 References: https://www.suse.com/security/cve/CVE-2022-41974.html https://bugzilla.suse.com/1202616 https://bugzilla.suse.com/1202739 https://bugzilla.suse.com/1204325 From sle-updates at lists.suse.com Mon Oct 24 19:20:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Oct 2022 21:20:10 +0200 (CEST) Subject: SUSE-SU-2022:3713-1: important: Security update for multipath-tools Message-ID: <20221024192010.B33B2FBAE@maintenance.suse.de> SUSE Security Update: Security update for multipath-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3713-1 Rating: important References: #1202616 #1202739 #1204325 Cross-References: CVE-2022-41974 CVSS scores: CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for multipath-tools fixes the following issues: - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3713=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3713=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3713=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3713=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  kpartx-0.7.3+177+suse.b16d5dc-2.23.1
  kpartx-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debugsource-0.7.3+177+suse.b16d5dc-2.23.1
- SUSE OpenStack Cloud 9 (x86_64):
  kpartx-0.7.3+177+suse.b16d5dc-2.23.1
  kpartx-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debugsource-0.7.3+177+suse.b16d5dc-2.23.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
  kpartx-0.7.3+177+suse.b16d5dc-2.23.1
  kpartx-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debugsource-0.7.3+177+suse.b16d5dc-2.23.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
  kpartx-0.7.3+177+suse.b16d5dc-2.23.1
  kpartx-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debuginfo-0.7.3+177+suse.b16d5dc-2.23.1
  multipath-tools-debugsource-0.7.3+177+suse.b16d5dc-2.23.1

References:

  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739
  https://bugzilla.suse.com/1204325

From sle-updates at lists.suse.com Mon Oct 24 19:21:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:21:03 +0200 (CEST)
Subject: SUSE-SU-2022:3711-1: important: Security update for multipath-tools
Message-ID: <20221024192103.E71CAFBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3711-1
Rating: important
References: #1197570 #1199342 #1199345 #1199346 #1199347 #1201483 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
  CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves two vulnerabilities and has 6 fixes is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
- multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for "protocol" subsection in "overrides" section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3711=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3711=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2022-3711=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
  kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
  kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
  kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
  libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
  kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
  libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
  multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1

References:

  https://www.suse.com/security/cve/CVE-2022-41973.html
  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1197570
  https://bugzilla.suse.com/1199342
  https://bugzilla.suse.com/1199345
  https://bugzilla.suse.com/1199346
  https://bugzilla.suse.com/1199347
  https://bugzilla.suse.com/1201483
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739

From sle-updates at lists.suse.com Mon Oct 24 19:22:17 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:22:17 +0200 (CEST)
Subject: SUSE-SU-2022:3707-1: important: Security update for multipath-tools
Message-ID: <20221024192217.8E579FBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3707-1
Rating: important
References: #1187534 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
  CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- Fix that some zfcp devices have large/negative LUN IDs (bsc#1187534)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3707=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3707=1

Package List:

- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-3.14.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-3.14.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-3.14.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
  kpartx-0.7.9+232+suse.cbc3754-3.14.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-3.14.1
  multipath-tools-0.7.9+232+suse.cbc3754-3.14.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-3.14.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-3.14.1

References:

  https://www.suse.com/security/cve/CVE-2022-41973.html
  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1187534
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739

From sle-updates at lists.suse.com Mon Oct 24 19:23:04 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:23:04 +0200 (CEST)
Subject: SUSE-SU-2022:3715-1: important: Security update for multipath-tools
Message-ID: <20221024192304.22D2CFBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3715-1
Rating: important
References: #1202616 #1202739 #1204325
Cross-References: CVE-2022-41974
CVSS scores:
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3715=1

Package List:

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
  kpartx-0.6.2+suse20221017.514d453-71.26.1
  kpartx-debuginfo-0.6.2+suse20221017.514d453-71.26.1
  multipath-tools-0.6.2+suse20221017.514d453-71.26.1
  multipath-tools-debuginfo-0.6.2+suse20221017.514d453-71.26.1
  multipath-tools-debugsource-0.6.2+suse20221017.514d453-71.26.1

References:

  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739
  https://bugzilla.suse.com/1204325

From sle-updates at lists.suse.com Mon Oct 24 19:23:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:23:44 +0200 (CEST)
Subject: SUSE-SU-2022:3714-1: important: Security update for multipath-tools
Message-ID: <20221024192344.6F40BFBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3714-1
Rating: important
References: #1118495 #1125145 #1125507 #1131789 #1134648 #1139369 #1202616 #1202739 #1204325
Cross-References: CVE-2022-41974
CVSS scores:
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- Avoid device IO in "multipath -u" (bsc#1125145, bsc#1131789)
- mpathpersist: optimize for setups with many LUNs (bsc#1134648)
- mpathpersist: add option -f/--batch-file (bsc#1134648)
- libmultipath: get_prio(): really don't reset prio for inaccessible paths (bsc#1118495)
- Upstream bug fixes from dm-devel (bsc#1139369): multipath: call store_pathinfo with DI_BLACKLIST
- hwtable: add Lenovo DE series (bsc#1125507)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3714=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
  kpartx-0.7.1+125+suse.c18e287-2.23.1
  kpartx-debuginfo-0.7.1+125+suse.c18e287-2.23.1
  multipath-tools-0.7.1+125+suse.c18e287-2.23.1
  multipath-tools-debuginfo-0.7.1+125+suse.c18e287-2.23.1
  multipath-tools-debugsource-0.7.1+125+suse.c18e287-2.23.1

References:

  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1118495
  https://bugzilla.suse.com/1125145
  https://bugzilla.suse.com/1125507
  https://bugzilla.suse.com/1131789
  https://bugzilla.suse.com/1134648
  https://bugzilla.suse.com/1139369
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739
  https://bugzilla.suse.com/1204325

From sle-updates at lists.suse.com Mon Oct 24 19:25:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:25:07 +0200 (CEST)
Subject: SUSE-SU-2022:3708-1: important: Security update for multipath-tools
Message-ID: <20221024192507.901C2FBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3708-1
Rating: important
References: #1187534 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
  CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- Fix that some zfcp devices have large/negative LUN IDs (bsc#1187534)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3708=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3708=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3708=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3708=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3708=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-3708=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will
  inform you if it detects new updates and let you then trigger updating of
  the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
- SUSE CaaS Platform 4.0 (x86_64):
  kpartx-0.7.9+232+suse.cbc3754-150100.3.20.1
  kpartx-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp-devel-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-0.7.9+232+suse.cbc3754-150100.3.20.1
  libdmmp0_2_0-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debuginfo-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-debugsource-0.7.9+232+suse.cbc3754-150100.3.20.1
  multipath-tools-devel-0.7.9+232+suse.cbc3754-150100.3.20.1

References:

  https://www.suse.com/security/cve/CVE-2022-41973.html
  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1187534
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739

From sle-updates at lists.suse.com Mon Oct 24 19:26:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:26:10 +0200 (CEST)
Subject: SUSE-SU-2022:3710-1: important: Security update for multipath-tools
Message-ID: <20221024192610.CDBE5FBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3710-1
Rating: important
References: #1189551 #1191900 #1195506 #1197570 #1202616 #1202739 PED-1448
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
  CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Storage 7.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves two vulnerabilities, contains one feature and has four fixes is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- multipathd: add "force_reconfigure" option (bsc#1189551)
  The command "multipathd -kreconfigure" changes behavior: instead of
  reloading every map, it checks map configuration and reloads only
  modified maps. This speeds up the reconfigure operation substantially.
  The old behavior can be reinstated by setting "force_reconfigure yes"
  in multipath.conf (not recommended).
  Note: "force_reconfigure yes" is not supported in SLE15-SP4 and beyond,
  which provide the command "multipathd -k'reconfigure all'"
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3710=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3710=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3710=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3710=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3710=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
  kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
  kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
  kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
  kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
  kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
  kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
  kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
  libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
  multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1

References:

  https://www.suse.com/security/cve/CVE-2022-41973.html
  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1189551
  https://bugzilla.suse.com/1191900
  https://bugzilla.suse.com/1195506
  https://bugzilla.suse.com/1197570
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739

From sle-updates at lists.suse.com Mon Oct 24 19:27:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Oct 2022 21:27:30 +0200 (CEST)
Subject: SUSE-SU-2022:3709-1: important: Security update for multipath-tools
Message-ID: <20221024192730.D0E50FBAE@maintenance.suse.de>

SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3709-1
Rating: important
References: #1189551 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
  CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Manager Proxy 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: add "force_reconfigure" option (bsc#1189551)
  The command "multipathd -kreconfigure" changes behavior: instead of
  reloading every map, it checks map configuration and reloads only
  modified maps. This speeds up the reconfigure operation substantially.
  The old behavior can be reinstated by setting "force_reconfigure yes"
  in multipath.conf (not recommended).
  Note: "force_reconfigure yes" is not supported in SLE15-SP4 and beyond,
  which provide the command "multipathd -k'reconfigure all'"
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3709=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3709=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3709=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3709=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3709=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3709=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3709=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3709=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-3709=1

Package List:

- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Manager Proxy 4.1 (x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  kpartx-0.8.2+182.6d41865-150200.4.14.1
  kpartx-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  libdmmp-devel-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-0.8.2+182.6d41865-150200.4.14.1
  libdmmp0_2_0-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debuginfo-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-debugsource-0.8.2+182.6d41865-150200.4.14.1
  multipath-tools-devel-0.8.2+182.6d41865-150200.4.14.1

References:

  https://www.suse.com/security/cve/CVE-2022-41973.html
  https://www.suse.com/security/cve/CVE-2022-41974.html
  https://bugzilla.suse.com/1189551
  https://bugzilla.suse.com/1202616
  https://bugzilla.suse.com/1202739

From sle-updates at lists.suse.com Tue Oct 25 07:18:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 09:18:56 +0200 (CEST)
Subject: SUSE-CU-2022:2658-1: Security update of ses/7.1/cephcsi/cephcsi
Message-ID: <20221025071856.581FEF78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2658-1
Container Tags : ses/7.1/cephcsi/cephcsi:3.5.1 , ses/7.1/cephcsi/cephcsi:3.5.1.0.3.2.420 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.5.1 , ses/7.1/cephcsi/cephcsi:v3.5.1.0
Container Release : 3.2.420
Severity : critical
Type : security
References : 1047178 1181994 1188006 1189282 1189802 1195773 1199079 1199140
  1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783
  1201942 1201972 1202624 1202868 1203018 1203438 1203649 1204357
  CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828
  CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40674
-----------------------------------------------------------------

The container ses/7.1/cephcsi/cephcsi was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 
Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libexpat1-2.2.5-150000.3.22.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-curses-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:ceph-image-1.0.0-3.2.274 updated From sle-updates at lists.suse.com Tue Oct 25 07:19:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 09:19:14 +0200 (CEST) Subject: SUSE-CU-2022:2659-1: Security update of ses/7.1/ceph/grafana Message-ID: <20221025071914.31136F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2659-1 Container Tags : ses/7.1/ceph/grafana:8.3.5 , ses/7.1/ceph/grafana:8.3.5.2.2.270 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific Container Release : 2.2.270 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 
----------------------------------------------------------------- The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Tue Oct 25 07:19:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 09:19:41 +0200 (CEST) Subject: SUSE-CU-2022:2660-1: Security update of ses/7.1/ceph/haproxy Message-ID: <20221025071941.DE98DF78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/haproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2660-1 Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.205 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific Container Release : 3.5.205 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200270 1200697 1200698 1200700 1200701 1200732 1200884 1200902 1200903 1200904 1200993 1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356 1201359 1201363 1201576 1201620 1201638 1201680 1201783 1201863 1201942 1201972 1202046 1202049 1202050 1202051 1202414 1202420 1202421 1202511 1202512 1202515 1202552 1202599 1202687 1202689 1202862 1203018 1203438 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-1720 
CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-3016 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40674 ----------------------------------------------------------------- The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. 
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3229-1 Released: Fri Sep 9 14:46:01 2022 Summary: Security update for vim Type: security Severity: important References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902). - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903). - CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904). - CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249). - CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356). 
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359). - CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363). - CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414). - CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552). - CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270). - CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697). - CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698). - CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700). - CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701). - CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732). - CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132). - CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133). - CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134). - CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135). - CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136). - CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150). - CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151). - CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152). - CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153). - CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154). - CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155). - CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863). - CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046). - CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049). 
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050). - CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051). - CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420). - CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421). - CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511). - CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512). - CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515). - CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599). - CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687). - CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689). - CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862). Bugfixes: - Fixing vim error on startup (bsc#1200884). - Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released: Mon Oct 17 13:13:16 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libexpat1-2.2.5-150000.3.22.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.52 updated

From sle-updates at lists.suse.com Tue Oct 25 07:20:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 09:20:09 +0200 (CEST)
Subject: SUSE-CU-2022:2661-1: Security update of ses/7.1/ceph/keepalived
Message-ID: <20221025072009.D064EF78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/keepalived
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2661-1
Container Tags : ses/7.1/ceph/keepalived:2.0.19 , ses/7.1/ceph/keepalived:2.0.19.3.5.194 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific
Container Release : 3.5.194
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203438 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40674
-----------------------------------------------------------------

The container ses/7.1/ceph/keepalived was
updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3597-1
Released: Mon Oct 17 13:13:16 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libexpat1-2.2.5-150000.3.22.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.52 updated

From sle-updates at lists.suse.com Tue Oct 25 07:20:27 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 09:20:27 +0200 (CEST)
Subject: SUSE-CU-2022:2662-1: Security update of ses/7.1/cephcsi/csi-attacher
Message-ID: <20221025072027.B10FDF78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2662-1
Container Tags : ses/7.1/cephcsi/csi-attacher:v3.4.0 , ses/7.1/cephcsi/csi-attacher:v3.4.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.4.0-rev1-build2.2.251
Container Release : 2.2.251
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-attacher was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.52 updated

From sle-updates at lists.suse.com Tue Oct 25 07:20:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 09:20:43 +0200 (CEST)
Subject: SUSE-CU-2022:2663-1: Security update of ses/7.1/cephcsi/csi-provisioner
Message-ID: <20221025072043.7799AF78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2663-1
Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.1.0 , ses/7.1/cephcsi/csi-provisioner:v3.1.0-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.1.0-rev1-build2.2.253
Container Release : 2.2.253
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-provisioner was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.52 updated

From sle-updates at lists.suse.com Tue Oct 25 07:20:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 09:20:59 +0200 (CEST)
Subject: SUSE-CU-2022:2664-1: Security update of ses/7.1/cephcsi/csi-resizer
Message-ID: <20221025072059.6BEF7F78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2664-1
Container Tags : ses/7.1/cephcsi/csi-resizer:v1.4.0 , ses/7.1/cephcsi/csi-resizer:v1.4.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.4.0-rev1-build2.2.252
Container Release : 2.2.252
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737
-----------------------------------------------------------------

The container ses/7.1/cephcsi/csi-resizer was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Tue Oct 25 07:21:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 09:21:15 +0200 (CEST) Subject: SUSE-CU-2022:2665-1: Security update of ses/7.1/ceph/prometheus-node-exporter Message-ID: <20221025072115.44033F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2665-1 Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.3.0 , ses/7.1/ceph/prometheus-node-exporter:1.3.0.3.2.248 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific Container Release : 3.2.248 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1196652 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-node-exporter was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3179-1 Released: Thu Sep 8 09:37:41 2022 Summary: Recommended update for golang-github-prometheus-node_exporter Type: recommended Severity: moderate References: 1196652 This update for golang-github-prometheus-node_exporter fixes the following issues: - Exclude s390 arch. - Update spec file in order to make --version work (bsc#1196652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove MediaNetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend. 
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - golang-github-prometheus-node_exporter-1.3.0-150100.3.15.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Tue Oct 25 07:21:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 09:21:31 +0200 (CEST) Subject: SUSE-CU-2022:2666-1: Security update of ses/7.1/ceph/prometheus-server Message-ID: <20221025072131.D4351F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2666-1 Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.240 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific Container Release : 3.2.240 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1199140 1199492 
1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove MediaNetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend. 
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Tue Oct 25 07:22:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 09:22:16 +0200 (CEST) Subject: SUSE-CU-2022:2667-1: Security update of ses/7.1/rook/ceph Message-ID: <20221025072216.1C4C8F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2667-1 Container Tags : ses/7.1/rook/ceph:1.8.10 , ses/7.1/rook/ceph:1.8.10.0 , ses/7.1/rook/ceph:1.8.10.0.4.5.202 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.202 Severity : critical Type : security References : 1181994 1188006 1189282 1189802 1195773 1199079 1199492 1201680 1201783 1201942 1201972 1202624 1202868 1203018 1203438 1203649 1204357 CVE-2021-28861 CVE-2021-36690 
CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40674 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). 
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root 
CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libexpat1-2.2.5-150000.3.22.1 updated - libksba8-1.3.5-150000.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - permissions-20181225-150200.23.15.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-curses-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.52 updated From sle-updates at lists.suse.com Tue Oct 25 13:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:21:14 +0200 (CEST) Subject: SUSE-RU-2022:3721-1: moderate: Recommended update for osinfo-db Message-ID: <20221025132114.DF370FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3721-1 Rating: moderate References: Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for osinfo-db fixes the following issues: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3721=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3721=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3721=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3721=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3721=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3721=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE Enterprise Storage 6 (noarch): osinfo-db-20220214-150100.3.12.1 - SUSE CaaS Platform 4.0 (noarch): osinfo-db-20220214-150100.3.12.1 References: From sle-updates at lists.suse.com Tue Oct 25 13:22:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:22:09 +0200 (CEST) Subject: SUSE-SU-2022:3547-1: important: Security update for jdom Message-ID: <20221025132209.DC052FDB8@maintenance.suse.de> SUSE Security Update: Security update for jdom ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3547-1 Rating: important References: #1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for jdom fixes the following issues: - CVE-2021-33813: Fixed XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request (bsc#1187446). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3547=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3547=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3547=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3547=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3547=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3547=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3547=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3547=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3547=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3547=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE Enterprise Storage 6 (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 - SUSE CaaS Platform 4.0 (noarch): jaxen-1.1.1-150000.5.3.1 jdom-1.1-150000.5.3.1 References: https://www.suse.com/security/cve/CVE-2021-33813.html https://bugzilla.suse.com/1187446 From sle-updates at lists.suse.com Tue Oct 25 13:23:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:23:16 +0200 (CEST) Subject: SUSE-SU-2022:3718-1: important: Security update for bluez Message-ID: <20221025132316.BCC7FFDB8@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3718-1 Rating: important References: #1013885 #1193237 Cross-References: CVE-2016-9803 CVE-2019-8921 CVSS scores: CVE-2016-9803 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2016-9803 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-8921 (NVD) : 6.5 
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2019-8921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bluez fixes the following issues: - CVE-2019-8921: Fixed heap-based buffer overflow via crafted request (bsc#1193237). - CVE-2016-9803: Fixed memory leak (bsc#1013885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3718=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3718=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3718=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3718=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3718=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3718=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3718=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3718=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3718=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE OpenStack Cloud 9 (x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): bluez-cups-5.13-5.31.1 bluez-cups-debuginfo-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 bluez-devel-5.13-5.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 
bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bluez-5.13-5.31.1 bluez-debuginfo-5.13-5.31.1 bluez-debugsource-5.13-5.31.1 libbluetooth3-5.13-5.31.1 libbluetooth3-debuginfo-5.13-5.31.1 References: https://www.suse.com/security/cve/CVE-2016-9803.html https://www.suse.com/security/cve/CVE-2019-8921.html https://bugzilla.suse.com/1013885 https://bugzilla.suse.com/1193237 From sle-updates at lists.suse.com Tue Oct 25 13:24:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:24:21 +0200 (CEST) Subject: SUSE-SU-2022:3724-1: important: Security update for libosip2 Message-ID: <20221025132421.B9FA5FDB8@maintenance.suse.de> SUSE Security Update: Security update for libosip2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3724-1 Rating: important References: #1204225 Cross-References: CVE-2022-41550 CVSS scores: CVE-2022-41550 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-41550 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libosip2 fixes the following issues: - CVE-2022-41550: Fixed an integer overflow in osip_body_parse_header (bsc#1204225). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3724=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3724=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libosip2-3.5.0-21.3.1 libosip2-debuginfo-3.5.0-21.3.1 libosip2-debugsource-3.5.0-21.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libosip2-3.5.0-21.3.1 libosip2-debuginfo-3.5.0-21.3.1 libosip2-debugsource-3.5.0-21.3.1 libosip2-devel-3.5.0-21.3.1 References: https://www.suse.com/security/cve/CVE-2022-41550.html https://bugzilla.suse.com/1204225 From sle-updates at lists.suse.com Tue Oct 25 13:25:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:25:02 +0200 (CEST) Subject: SUSE-RU-2022:3723-1: moderate: Recommended update for osinfo-db Message-ID: <20221025132502.50065FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3723-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for osinfo-db fixes the following issues: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.2/3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3723=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): osinfo-db-20210621-3.6.1 References: From sle-updates at lists.suse.com Tue Oct 25 13:25:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:25:47 +0200 (CEST) Subject: SUSE-RU-2022:3722-1: moderate: Recommended update for osinfo-db Message-ID: <20221025132547.3C804FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3722-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for osinfo-db fixes the following issues: - Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3722=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3722=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3722=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3722=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3722=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3722=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3722=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3722=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3722=1 Package List: - SUSE Manager Server 4.1 (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Manager Proxy 4.1 (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): osinfo-db-20220214-150200.5.9.1 - SUSE Enterprise Storage 7 (noarch): osinfo-db-20220214-150200.5.9.1 References: From sle-updates at lists.suse.com Tue Oct 25 13:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:26:31 +0200 (CEST) 
Subject: SUSE-RU-2022:3720-1: important: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
Message-ID: <20221025132631.1E113FDB8@maintenance.suse.de>

SUSE Recommended Update: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3720-1
Rating: important
References: #1203599 #1204072
Affected Products:
    SUSE Enterprise Storage 7.1
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues:

- Regular upgrade bsc#1204072
- Due to bsc#1203599 we need to build with go1.18
- Update to v1.10.1

  Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.

  * nfs: Add support for NFS snapshots, restore clone & resize
  * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25
  * operator: Improve ProbeHandler error message
  * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade.
  * manifest: Fix unexpected end of stream
  * rbd-mirror: Move volume replication sidecar to CSI-Addons
  * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config
  * csi: Use cephcsi image for nfs nodeserver + holder design
  * osd: Small refactor for maintainability
  * csi: Change the default fsgroup policy for CSI driver object to File
  * csi: Fix holder pod creation in openshift multus cluster
  * docs: Sharing a CephFS PVC across namespaces
  * docs: Add example for configuring pg_num and pgp_num
  * osd: Disallow to create OSDs on an LV with metadata device
  * docs: Add missed sssdConfigFile params for NFS CRD

- Upgrade to v1.10

  To upgrade from previous versions of Rook, see the Ceph upgrade guide.

  - Breaking Changes
    - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16.
    - Minimum K8s version supported is v1.19.
  - Features
    - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes.
    - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
    - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR.
    - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions.
    - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster.
  - Krew Plugin v0.2

    See the new tools in the Rook Krew Plugin released recently in v0.2 as well:
    - Show the health of the Rook cluster: kubectl rook-ceph health
    - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0

- Update to 3.7.0

  Features:
    * KMIP integration for RBD PVC encryption
      * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes.
    * NFS
      * Added support for volume expansion, snapshot, restore and clone.
      * Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
    * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
      * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
      * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
    * Shallow Read Only support for Ceph CSI driver:
      * cephfs-csi expose CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also help to perform more efficient Volume backup.

  Enhancements:
    * All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consume go-ceph v0.17.0 and kubernetes 1.24.4 version.
    * snapshot API support has been lifted to GA version in this release.
    * From this release onwards, the CSI driver make use of File fsgroup policy for its fsgroup based operations.
    * New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments.

  Bug Fixes:
    * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
    * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
    * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
    * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operate on least required RBAC in a cluster from now on.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Enterprise Storage 7.1:

  zypper in -t patch SUSE-Storage-7.1-2022-3720=1

Package List:

- SUSE Enterprise Storage 7.1 (noarch):

  rook-ceph-helm-charts-1.10.1+git16.a83ed27c4-150300.3.6.1
  rook-k8s-yaml-1.10.1+git16.a83ed27c4-150300.3.6.1

References:

https://bugzilla.suse.com/1203599
https://bugzilla.suse.com/1204072

From sle-updates at lists.suse.com Tue Oct 25 13:27:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 15:27:23 +0200 (CEST)
Subject: SUSE-SU-2022:3717-1: important: Security update for libxml2
Message-ID: <20221025132723.C8D14FDB8@maintenance.suse.de>

SUSE Security Update: Security update for libxml2
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3717-1
Rating: important
References: #1201978 #1204366 #1204367
Cross-References: CVE-2016-3709 CVE-2022-40303 CVE-2022-40304
CVSS scores:
    CVE-2016-3709 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    CVE-2016-3709 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3717=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3717=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3717=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3717=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3717=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3717=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3717=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3717=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE OpenStack Cloud 9 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE OpenStack Cloud 9 (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.59.2 libxml2-devel-2.9.4-46.59.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxml2-2-2.9.4-46.59.2 
libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libxml2-doc-2.9.4-46.59.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 
python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxml2-2-2.9.4-46.59.2 libxml2-2-32bit-2.9.4-46.59.2 libxml2-2-debuginfo-2.9.4-46.59.2 libxml2-2-debuginfo-32bit-2.9.4-46.59.2 libxml2-debugsource-2.9.4-46.59.2 libxml2-tools-2.9.4-46.59.2 libxml2-tools-debuginfo-2.9.4-46.59.2 python-libxml2-2.9.4-46.59.3 python-libxml2-debuginfo-2.9.4-46.59.3 python-libxml2-debugsource-2.9.4-46.59.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libxml2-doc-2.9.4-46.59.2 References: https://www.suse.com/security/cve/CVE-2016-3709.html https://www.suse.com/security/cve/CVE-2022-40303.html https://www.suse.com/security/cve/CVE-2022-40304.html https://bugzilla.suse.com/1201978 https://bugzilla.suse.com/1204366 https://bugzilla.suse.com/1204367 From sle-updates at lists.suse.com Tue Oct 25 13:28:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 15:28:39 +0200 (CEST) Subject: SUSE-SU-2022:3719-1: important: Security update for MozillaFirefox Message-ID: <20221025132839.5836FFDB8@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3719-1 Rating: important References: #1204421 Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVSS scores: CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software 
Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Updated to version 102.4.0 ESR (bsc#1204421): - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory Corruption in JS Engine. - CVE-2022-42929: Fixed denial of Service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3719=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3719=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3719=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3719=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3719=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3719=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3719=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3719=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 
MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-102.4.0-112.136.3 MozillaFirefox-debuginfo-102.4.0-112.136.3 MozillaFirefox-debugsource-102.4.0-112.136.3 MozillaFirefox-devel-102.4.0-112.136.3 MozillaFirefox-translations-common-102.4.0-112.136.3 References: https://www.suse.com/security/cve/CVE-2022-42927.html https://www.suse.com/security/cve/CVE-2022-42928.html https://www.suse.com/security/cve/CVE-2022-42929.html https://www.suse.com/security/cve/CVE-2022-42932.html https://bugzilla.suse.com/1204421 From 
sle-updates at lists.suse.com Tue Oct 25 16:21:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 18:21:19 +0200 (CEST) Subject: SUSE-SU-2022:3725-1: important: Security update for icinga2 Message-ID: <20221025162120.022F3FDD6@maintenance.suse.de> SUSE Security Update: Security update for icinga2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3725-1 Rating: important References: #1172171 #1180147 #1189653 Cross-References: CVE-2020-14004 CVE-2020-29663 CVE-2021-37698 CVSS scores: CVE-2020-14004 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14004 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-29663 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2020-29663 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-37698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-37698 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for icinga2 fixes the following issues: - CVE-2020-14004: Fixed the prepare-dirs script allowing a symlink attack in the icinga user context. (bsc#1172171) - CVE-2020-29663: Fixed the CRL being ignored, so that revoked certificates due for renewal were automatically renewed. (bsc#281137) - CVE-2021-37698: Fixed missing TLS server certificate validation in ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer. (bsc#281137) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3725=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): icinga2-2.8.2-3.6.1 icinga2-bin-2.8.2-3.6.1 icinga2-bin-debuginfo-2.8.2-3.6.1 icinga2-common-2.8.2-3.6.1 icinga2-debugsource-2.8.2-3.6.1 icinga2-doc-2.8.2-3.6.1 icinga2-ido-mysql-2.8.2-3.6.1 icinga2-ido-mysql-debuginfo-2.8.2-3.6.1 icinga2-ido-pgsql-2.8.2-3.6.1 icinga2-ido-pgsql-debuginfo-2.8.2-3.6.1 icinga2-libs-2.8.2-3.6.1 icinga2-libs-debuginfo-2.8.2-3.6.1 vim-icinga2-2.8.2-3.6.1 References: https://www.suse.com/security/cve/CVE-2020-14004.html https://www.suse.com/security/cve/CVE-2020-29663.html https://www.suse.com/security/cve/CVE-2021-37698.html https://bugzilla.suse.com/1172171 https://bugzilla.suse.com/1180147 https://bugzilla.suse.com/1189653 From sle-updates at lists.suse.com Tue Oct 25 16:22:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 18:22:32 +0200 (CEST) Subject: SUSE-SU-2022:3726-1: important: Security update for MozillaFirefox Message-ID: <20221025162232.9D7C5FDD6@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3726-1 Rating: important References: #1204421 Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVSS scores: CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise 
High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Updated to version 102.4.0 ESR (bsc#1204421) - CVE-2022-42927: Fixed same-origin policy violation that could have leaked cross-origin URLs. - CVE-2022-42928: Fixed memory corruption in JS Engine. - CVE-2022-42929: Fixed denial of service via window.print. - CVE-2022-42932: Fixed memory safety bugs. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3726=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3726=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3726=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3726=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3726=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3726=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3726=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3726=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3726=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3726=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3726=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3726=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3726=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 
MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.4.0-150200.152.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 
MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-102.4.0-150200.152.64.1 MozillaFirefox-debuginfo-102.4.0-150200.152.64.1 MozillaFirefox-debugsource-102.4.0-150200.152.64.1 MozillaFirefox-devel-102.4.0-150200.152.64.1 MozillaFirefox-translations-common-102.4.0-150200.152.64.1 MozillaFirefox-translations-other-102.4.0-150200.152.64.1 References: https://www.suse.com/security/cve/CVE-2022-42927.html https://www.suse.com/security/cve/CVE-2022-42928.html https://www.suse.com/security/cve/CVE-2022-42929.html https://www.suse.com/security/cve/CVE-2022-42932.html https://bugzilla.suse.com/1204421 From sle-updates at lists.suse.com Tue Oct 25 19:19:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 21:19:55 +0200 (CEST) Subject: SUSE-SU-2022:3727-1: moderate: Security update for xen Message-ID: <20221025191955.5F14EFDB8@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3727-1 Rating: moderate References: #1027519 #1167608 #1201631 #1201994 #1203806 #1203807 Cross-References: CVE-2022-33746 CVE-2022-33748 CVSS scores: CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 
15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for xen fixes the following issues: Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). Bugfixes: - Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3727=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3727=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3727=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3727=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): xen-4.16.2_06-150400.4.11.1 xen-debugsource-4.16.2_06-150400.4.11.1 xen-devel-4.16.2_06-150400.4.11.1 xen-doc-html-4.16.2_06-150400.4.11.1 xen-libs-4.16.2_06-150400.4.11.1 xen-libs-debuginfo-4.16.2_06-150400.4.11.1 xen-tools-4.16.2_06-150400.4.11.1 xen-tools-debuginfo-4.16.2_06-150400.4.11.1 xen-tools-domU-4.16.2_06-150400.4.11.1 xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1 - openSUSE Leap 15.4 (x86_64): xen-libs-32bit-4.16.2_06-150400.4.11.1 xen-libs-32bit-debuginfo-4.16.2_06-150400.4.11.1 - openSUSE Leap 15.4 (noarch): 
xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64): xen-4.16.2_06-150400.4.11.1 xen-debugsource-4.16.2_06-150400.4.11.1 xen-devel-4.16.2_06-150400.4.11.1 xen-tools-4.16.2_06-150400.4.11.1 xen-tools-debuginfo-4.16.2_06-150400.4.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): xen-debugsource-4.16.2_06-150400.4.11.1 xen-libs-4.16.2_06-150400.4.11.1 xen-libs-debuginfo-4.16.2_06-150400.4.11.1 xen-tools-domU-4.16.2_06-150400.4.11.1 xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): xen-debugsource-4.16.2_06-150400.4.11.1 xen-libs-4.16.2_06-150400.4.11.1 xen-libs-debuginfo-4.16.2_06-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1167608 https://bugzilla.suse.com/1201631 https://bugzilla.suse.com/1201994 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807 From sle-updates at lists.suse.com Tue Oct 25 19:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 21:21:40 +0200 (CEST) Subject: SUSE-SU-2022:3731-1: important: Security update for python-waitress Message-ID: <20221025192140.7D1ACFDB8@maintenance.suse.de> SUSE Security Update: Security update for python-waitress ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3731-1 Rating: important References: #1197255 Cross-References: CVE-2022-24761 CVSS scores: CVE-2022-24761 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-24761 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE 
Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. 
(bsc#1197255) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3731=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3731=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3731=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3731=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3731=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3731=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3731=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3731=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3731=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3731=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3731=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3731=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3731=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3731=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3731=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3731=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: 
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3731=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3731=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (noarch): python3-waitress-1.4.3-150000.3.6.1 - openSUSE Leap 15.3 (noarch): python2-waitress-1.4.3-150000.3.6.1 python3-waitress-1.4.3-150000.3.6.1 - SUSE Manager Server 4.1 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Manager Retail Branch Server 4.1 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Manager Proxy 4.1 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux 
Enterprise High Performance Computing 15-LTSS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Enterprise Storage 7 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE Enterprise Storage 6 (noarch): python3-waitress-1.4.3-150000.3.6.1 - SUSE CaaS Platform 4.0 (noarch): python3-waitress-1.4.3-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-24761.html https://bugzilla.suse.com/1197255 From sle-updates at lists.suse.com Tue Oct 25 19:23:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 21:23:32 +0200 (CEST) Subject: SUSE-SU-2022:3730-1: important: Security update for python-paramiko Message-ID: <20221025192332.AC40DFDB8@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3730-1 Rating: important References: #1111151 #1200603 Cross-References: CVE-2018-1000805 CVSS scores: CVE-2018-1000805 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000805 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 
15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one erratum is now available. Description: This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass (bsc#1111151). Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3730=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3730=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3730=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3730=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3730=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3730=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3730=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3730=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3730=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3730=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3730=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3730=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3730=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3730=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3730=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3730=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3730=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t 
patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3730=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3730=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3730=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): python-paramiko-doc-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - openSUSE Leap 15.3 (noarch): python-paramiko-doc-2.4.3-150100.6.15.1 python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Manager Server 4.1 (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Manager Retail Branch Server 4.1 (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Manager Proxy 4.1 (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): python2-paramiko-2.4.3-150100.6.15.1 python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-paramiko-2.4.3-150100.6.15.1 - SUSE Linux Enterprise Module for Basesystem 
15-SP3 (noarch):

      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Enterprise Storage 7 (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE Enterprise Storage 6 (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

   - SUSE CaaS Platform 4.0 (noarch):

      python2-paramiko-2.4.3-150100.6.15.1
      python3-paramiko-2.4.3-150100.6.15.1

References:

   https://www.suse.com/security/cve/CVE-2018-1000805.html
   https://bugzilla.suse.com/1111151
   https://bugzilla.suse.com/1200603

From sle-updates at lists.suse.com Tue Oct 25 19:24:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 21:24:50 +0200 (CEST)
Subject: SUSE-SU-2022:3728-1: important: Security update for xen
Message-ID: <20221025192450.28608FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3728-1
Rating:             important
References:         #1185104 #1200762 #1203806 #1203807
Cross-References:   CVE-2021-28689 CVE-2022-26365 CVE-2022-33740
                    CVE-2022-33741 CVE-2022-33742 CVE-2022-33746
                    CVE-2022-33748
CVSS scores:
                    CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
                    CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
                    CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-26365: Fixed issue where Linux Block and Network PV device
     frontends don't zero memory regions before sharing them with the
     backend (bsc#1200762).
   - CVE-2022-33740: Fixed issue where Linux Block and Network PV device
     frontends don't zero memory regions before sharing them with the
     backend (bsc#1200762).
   - CVE-2022-33741: Fixed issue where data residing in the same 4K page as
     data shared with a backend was being accessible by such backend
     (bsc#1200762).
   - CVE-2022-33742: Fixed issue where data residing in the same 4K page as
     data shared with a backend was being accessible by such backend
     (bsc#1200762).
   - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
     (bsc#1203806).
   - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim)
     32-bit PV guests (bsc#1185104).
   - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3728=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3728=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64):

      xen-debugsource-4.12.4_28-3.77.1
      xen-devel-4.12.4_28-3.77.1

   - SUSE Linux Enterprise Server 12-SP5 (x86_64):

      xen-4.12.4_28-3.77.1
      xen-debugsource-4.12.4_28-3.77.1
      xen-doc-html-4.12.4_28-3.77.1
      xen-libs-32bit-4.12.4_28-3.77.1
      xen-libs-4.12.4_28-3.77.1
      xen-libs-debuginfo-32bit-4.12.4_28-3.77.1
      xen-libs-debuginfo-4.12.4_28-3.77.1
      xen-tools-4.12.4_28-3.77.1
      xen-tools-debuginfo-4.12.4_28-3.77.1
      xen-tools-domU-4.12.4_28-3.77.1
      xen-tools-domU-debuginfo-4.12.4_28-3.77.1

References:

   https://www.suse.com/security/cve/CVE-2021-28689.html
   https://www.suse.com/security/cve/CVE-2022-26365.html
   https://www.suse.com/security/cve/CVE-2022-33740.html
   https://www.suse.com/security/cve/CVE-2022-33741.html
   https://www.suse.com/security/cve/CVE-2022-33742.html
   https://www.suse.com/security/cve/CVE-2022-33746.html
   https://www.suse.com/security/cve/CVE-2022-33748.html
   https://bugzilla.suse.com/1185104
   https://bugzilla.suse.com/1200762
   https://bugzilla.suse.com/1203806
   https://bugzilla.suse.com/1203807

From sle-updates at lists.suse.com Tue Oct 25 19:26:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Oct 2022 21:26:21 +0200 (CEST)
Subject: SUSE-SU-2022:3729-1: important: Security update for bind
Message-ID: <20221025192621.EECF6FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for bind
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3729-1
Rating:             important
References:         #1203614 #1203619 #1203620
Cross-References:   CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
                    CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-BCL
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Manager Proxy 4.1
                    SUSE Manager Retail Branch Server 4.1
                    SUSE Manager Server 4.1
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for bind fixes the following issues:

   - CVE-2022-2795: Fixed potential performance degradation due to missing
     database lookup limits when processing large delegations
     (bsc#1203614).
   - CVE-2022-38177: Fixed a memory leak that could be externally triggered
     in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3729=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3729=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3729=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3729=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3729=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3729=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3729=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3729=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3729=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3729=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3729=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3729=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper 
in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3729=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3729=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (x86_64): bind-devel-32bit-9.16.6-150000.12.63.1 libbind9-1600-32bit-9.16.6-150000.12.63.1 libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1 libdns1605-32bit-9.16.6-150000.12.63.1 libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1 libirs1601-32bit-9.16.6-150000.12.63.1 libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1 libisc1606-32bit-9.16.6-150000.12.63.1 libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1 libisccc1600-32bit-9.16.6-150000.12.63.1 libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-32bit-9.16.6-150000.12.63.1 libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1 libns1604-32bit-9.16.6-150000.12.63.1 libns1604-32bit-debuginfo-9.16.6-150000.12.63.1 - openSUSE Leap 15.3 (x86_64): bind-devel-32bit-9.16.6-150000.12.63.1 libbind9-1600-32bit-9.16.6-150000.12.63.1 libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1 libdns1605-32bit-9.16.6-150000.12.63.1 libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1 libirs1601-32bit-9.16.6-150000.12.63.1 libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1 libisc1606-32bit-9.16.6-150000.12.63.1 libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1 libisccc1600-32bit-9.16.6-150000.12.63.1 
libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-32bit-9.16.6-150000.12.63.1 libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1 libns1604-32bit-9.16.6-150000.12.63.1 libns1604-32bit-debuginfo-9.16.6-150000.12.63.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Manager Server 4.1 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 
libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Manager Retail Branch Server 4.1 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Manager Proxy 4.1 (x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Manager Proxy 4.1 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 
libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 
libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 
libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 
libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 
libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 
libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 
libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 
libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Enterprise Storage 7 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 - SUSE Enterprise Storage 6 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE CaaS Platform 4.0 (noarch): bind-doc-9.16.6-150000.12.63.1 python3-bind-9.16.6-150000.12.63.1 - SUSE CaaS Platform 4.0 (x86_64): bind-9.16.6-150000.12.63.1 bind-chrootenv-9.16.6-150000.12.63.1 bind-debuginfo-9.16.6-150000.12.63.1 bind-debugsource-9.16.6-150000.12.63.1 bind-devel-9.16.6-150000.12.63.1 
bind-utils-9.16.6-150000.12.63.1 bind-utils-debuginfo-9.16.6-150000.12.63.1 libbind9-1600-9.16.6-150000.12.63.1 libbind9-1600-debuginfo-9.16.6-150000.12.63.1 libdns1605-9.16.6-150000.12.63.1 libdns1605-debuginfo-9.16.6-150000.12.63.1 libirs-devel-9.16.6-150000.12.63.1 libirs1601-9.16.6-150000.12.63.1 libirs1601-debuginfo-9.16.6-150000.12.63.1 libisc1606-9.16.6-150000.12.63.1 libisc1606-debuginfo-9.16.6-150000.12.63.1 libisccc1600-9.16.6-150000.12.63.1 libisccc1600-debuginfo-9.16.6-150000.12.63.1 libisccfg1600-9.16.6-150000.12.63.1 libisccfg1600-debuginfo-9.16.6-150000.12.63.1 libns1604-9.16.6-150000.12.63.1 libns1604-debuginfo-9.16.6-150000.12.63.1 References: https://www.suse.com/security/cve/CVE-2022-2795.html https://www.suse.com/security/cve/CVE-2022-38177.html https://www.suse.com/security/cve/CVE-2022-38178.html https://bugzilla.suse.com/1203614 https://bugzilla.suse.com/1203619 https://bugzilla.suse.com/1203620 From sle-updates at lists.suse.com Tue Oct 25 19:27:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Oct 2022 21:27:38 +0200 (CEST) Subject: SUSE-FU-2022:3732-1: important: Feature update for patterns-wsl, yast2-registration and yast2-firstboot Message-ID: <20221025192738.3EDC8FDB8@maintenance.suse.de> SUSE Feature Update: Feature update for patterns-wsl, yast2-registration and yast2-firstboot ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:3732-1 Rating: important References: PED-1380 PED-1670 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 
feature fixes and contains two features can now be installed. Description: This update for patterns-wsl, yast2-registration and yast2-firstboot fixes the following issues: patterns-wsl: - Add patterns-wsl-base, patterns-wsl-system to basesystem. - Add patterns-wsl-gui to SLED. yast2-registration: - Allow forcing registration and configuring a YAML product as installed product. yast2-firstboot: - Add client to select product in WSL - Allow installing WSL GUI pattern Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3732=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3732=1 Package List: - openSUSE Leap 15.4 (noarch): patterns-wsl-base-20221020-150400.3.5.1 patterns-wsl-gui-20221020-150400.3.5.1 yast2-firstboot-4.4.10-150400.3.6.1 yast2-firstboot-wsl-4.4.10-150400.3.6.1 yast2-registration-4.4.23-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): patterns-wsl-base-20221020-150400.3.5.1 patterns-wsl-gui-20221020-150400.3.5.1 patterns-wsl-systemd-20221020-150400.3.5.1 yast2-firstboot-4.4.10-150400.3.6.1 yast2-firstboot-wsl-4.4.10-150400.3.6.1 yast2-registration-4.4.23-150400.3.6.1 References: From sle-updates at lists.suse.com Wed Oct 26 07:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:19:45 +0200 (CEST) Subject: SUSE-CU-2022:2682-1: Recommended update of ses/7.1/cephcsi/cephcsi Message-ID: <20221026071945.DDAE1F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2682-1 Container Tags : ses/7.1/cephcsi/cephcsi:3.7.0 , ses/7.1/cephcsi/cephcsi:3.7.0.0.3.2.425 , 
ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.7.0 , ses/7.1/cephcsi/cephcsi:v3.7.0.0 Container Release : 3.2.425 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. 
* manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. - Breaking Changes - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16. - Minimum K8s version supported is v1.19. - Features - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes. - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW. - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR. - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions. - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster. 
- Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released recently in v0.2 as well: - Show the health of the Rook cluster: kubectl rook-ceph health - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0 - Update to 3.7.0 Features: * KMIP integration for RBD PVC encryption * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. * NFS * Added support for volume expansion, snapshot, restore and clone. * Added NFS nodeserver within CephCSI with support for pod networking with nsenter. * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details * Shallow Read Only support for Ceph CSI driver: * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup. Enhancements: * All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version. * snapshot API support has been lifted to GA version in this release. * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations. 
* New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments. Bug Fixes: * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ). * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678) * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176) * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on. The following package changes have been done: - ceph-csi-3.7.0+git0.34fd27bbd-150300.3.3.1 updated From sle-updates at lists.suse.com Wed Oct 26 07:21:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:21:37 +0200 (CEST) Subject: SUSE-CU-2022:2687-1: Security update of ses/7.1/ceph/ceph Message-ID: <20221026072137.5DD70F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2687-1 Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.277 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific Container Release : 3.2.277 Severity : critical Type : security References : 1047178 1181994 1188006 1189282 1189802 1195773 1199079 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1202624 1202868 1203018 1203438 1203649 1204357 CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40674 ----------------------------------------------------------------- The container ses/7.1/ceph/ceph was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 
Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3597-1 Released: Mon Oct 17 13:13:16 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - ca-certificates-mozilla-2.56-150200.24.1 updated - glibc-locale-base-2.31-150300.41.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libexpat1-2.2.5-150000.3.22.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-curses-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.53 updated From sle-updates at lists.suse.com Wed Oct 26 07:22:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:22:57 +0200 (CEST) Subject: SUSE-CU-2022:2692-1: Recommended update of ses/7.1/cephcsi/csi-attacher Message-ID: <20221026072257.35B0EF78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2692-1 Container Tags : ses/7.1/cephcsi/csi-attacher:v3.5.0 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1-build2.2.254 Container Release : 2.2.254 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-attacher was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. * manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. 
- Breaking Changes - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16. - Minimum K8s version supported is v1.19. - Features - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes. - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW. - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR. - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions. - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster. - Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released recently in v0.2 as well: - Show the health of the Rook cluster: kubectl rook-ceph health - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0 - Update to 3.7.0 Features: * KMIP integration for RBD PVC encryption * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. * NFS * Added support for volume expansion, snapshot, restore and clone. * Added NFS nodeserver within CephCSI with support for pod networking with nsenter. 
* Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details * Shallow Read Only support for Ceph CSI driver: * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup. Enhancements: * All kubernetes sidecars ( external provisioner,snapshotter, resizer..etc) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version. * snapshot API support has been lifted to GA version in this release. * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations. * New feature gates are enabled ( HonorPVReclaimPolicy..etc) in the sidecar deployments. Bug Fixes: * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ). * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678) * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176) * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on. 
The following package changes have been done: - csi-external-attacher-3.5.0-150300.3.3.1 updated From sle-updates at lists.suse.com Wed Oct 26 07:23:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:23:14 +0200 (CEST) Subject: SUSE-CU-2022:2693-1: Security update of ses/7.1/cephcsi/csi-node-driver-registrar Message-ID: <20221026072314.26AF4F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2693-1 Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0-rev1-build2.2.263 Container Release : 2.2.263 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-node-driver-registrar was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.53 updated From sle-updates at lists.suse.com Wed Oct 26 07:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:23:20 +0200 (CEST) Subject: SUSE-CU-2022:2694-1: Recommended update of ses/7.1/cephcsi/csi-node-driver-registrar Message-ID: <20221026072320.2394FF78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2694-1 Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1-build2.2.264 Container Release : 2.2.264 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-node-driver-registrar was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. * manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. 
- Breaking Changes - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16. - Minimum K8s version supported is v1.19. - Features - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes. - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW. - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR. - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions. - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster. - Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released recently in v0.2 as well: - Show the health of the Rook cluster: kubectl rook-ceph health - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0 - Update to 3.7.0 Features: * KMIP integration for RBD PVC encryption * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. * NFS * Added support for volume expansion, snapshot, restore and clone. * Added NFS nodeserver within CephCSI with support for pod networking with nsenter. 
* Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details * Shallow Read Only support for Ceph CSI driver: * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup. Enhancements: * All kubernetes sidecars (external provisioner, snapshotter, resizer, etc.) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version. * snapshot API support has been lifted to GA version in this release. * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations. * New feature gates are enabled (HonorPVReclaimPolicy, etc.) in the sidecar deployments. Bug Fixes: * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ). * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678) * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176) * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on. 
The following package changes have been done: - csi-node-driver-registrar-2.5.1-150300.3.3.1 updated From sle-updates at lists.suse.com Wed Oct 26 07:23:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:23:48 +0200 (CEST) Subject: SUSE-CU-2022:2696-1: Recommended update of ses/7.1/cephcsi/csi-provisioner Message-ID: <20221026072348.1F427F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2696-1 Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.2.1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1-build2.2.257 Container Release : 2.2.257 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-provisioner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. 
* nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. * manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. - Breaking Changes - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16. - Minimum K8s version supported is v1.19. - Features - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes. - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW. - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR. - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions. - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster. 
- Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released recently in v0.2 as well: - Show the health of the Rook cluster: kubectl rook-ceph health - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0 - Update to 3.7.0 Features: * KMIP integration for RBD PVC encryption * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. * NFS * Added support for volume expansion, snapshot, restore and clone. * Added NFS nodeserver within CephCSI with support for pod networking with nsenter. * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details * Shallow Read Only support for Ceph CSI driver: * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup. Enhancements: * All kubernetes sidecars (external provisioner, snapshotter, resizer, etc.) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version. * snapshot API support has been lifted to GA version in this release. * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations. 
* New feature gates are enabled (HonorPVReclaimPolicy, etc.) in the sidecar deployments. Bug Fixes: * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ). * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678) * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176) * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on. The following package changes have been done: - csi-external-provisioner-3.2.1-150300.3.3.1 updated From sle-updates at lists.suse.com Wed Oct 26 07:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:24:13 +0200 (CEST) Subject: SUSE-CU-2022:2698-1: Recommended update of ses/7.1/cephcsi/csi-resizer Message-ID: <20221026072413.B63F7F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2698-1 Container Tags : ses/7.1/cephcsi/csi-resizer:v1.5.0 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1-build2.2.256 Container Release : 2.2.256 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-resizer was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. * manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. 
- Breaking Changes - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16. - Minimum K8s version supported is v1.19. - Features - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes. - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW. - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR. - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions. - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster. - Krew Plugin v0.2 See the new tools in the Rook Krew Plugin released recently in v0.2 as well: - Show the health of the Rook cluster: kubectl rook-ceph health - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0 - Update to 3.7.0 Features: * KMIP integration for RBD PVC encryption * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes. * NFS * Added support for volume expansion, snapshot, restore and clone. * Added NFS nodeserver within CephCSI with support for pod networking with nsenter. 
* Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details * Shallow Read Only support for Ceph CSI driver: * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup. Enhancements: * All kubernetes sidecars (external provisioner, snapshotter, resizer, etc.) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version. * snapshot API support has been lifted to GA version in this release. * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations. * New feature gates are enabled (HonorPVReclaimPolicy, etc.) in the sidecar deployments. Bug Fixes: * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ). * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678) * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176) * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on. 
The following package changes have been done: - csi-external-resizer-1.5.0-150300.3.3.1 updated From sle-updates at lists.suse.com Wed Oct 26 07:24:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:24:30 +0200 (CEST) Subject: SUSE-CU-2022:2699-1: Security update of ses/7.1/cephcsi/csi-snapshotter Message-ID: <20221026072430.07E47F78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2699-1 Container Tags : ses/7.1/cephcsi/csi-snapshotter:v5.0.1 , ses/7.1/cephcsi/csi-snapshotter:v5.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v5.0.1-rev1-build2.2.254 Container Release : 2.2.254 Severity : critical Type : security References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-snapshotter was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.41.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - libzypp-17.31.2-150200.45.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.15.1 updated - rpm-ndb-4.14.3-150300.49.1 updated - zypper-1.14.57-150200.39.1 updated - container:sles15-image-15.0.0-17.20.53 updated From sle-updates at lists.suse.com Wed Oct 26 07:24:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:24:35 +0200 (CEST) Subject: SUSE-CU-2022:2700-1: Recommended update of ses/7.1/cephcsi/csi-snapshotter Message-ID: <20221026072435.A6B0AF78D@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2700-1 Container Tags : ses/7.1/cephcsi/csi-snapshotter:v6.0.1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1-build2.2.255 Container Release : 2.2.255 Severity : important Type : recommended References : 1203599 1204072 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-snapshotter was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3720-1 Released: Tue Oct 25 10:56:12 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm Type: recommended Severity: important References: 1203599,1204072 This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues: - Regular upgrade bsc#1204072 - Due to bsc#1203599 we need to build with go1.18 - Update to v1.10.1 Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator. * nfs: Add support for NFS snapshots, restore clone & resize * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25 * operator: Improve ProbeHandler error message * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade. * manifest: Fix unexpected end of stream * rbd-mirror: Move volume replication sidecar to CSI-Addons * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config * csi: Use cephcsi image for nfs nodeserver + holder design * osd: Small refactor for maintainability * csi: Change the default fsgroup policy for CSI driver object to File * csi: Fix holder pod creation in openshift multus cluster * docs: Sharing a CephFS PVC across namespaces * docs: Add example for configuring pg_num and pgp_num * osd: Disallow to create OSDs on an LV with metadata device * docs: Add missed sssdConfigFile params for NFS CRD - Upgrade to v1.10 To upgrade from previous versions of Rook, see the Ceph upgrade guide. 
  - Breaking Changes
    - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16.
    - Minimum K8s version supported is v1.19.
  - Features
    - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes.
    - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
    - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR.
    - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions.
    - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster.
  - Krew Plugin v0.2
    See the new tools in the Rook Krew Plugin released recently in v0.2 as well:
    - Show the health of the Rook cluster: kubectl rook-ceph health
    - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0
- Update to 3.7.0
  Features:
  * KMIP integration for RBD PVC encryption
    * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes.
  * NFS
    * Added support for volume expansion, snapshot, restore and clone.
    * Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
  * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
    * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
    * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
  * Shallow Read Only support for Ceph CSI driver:
    * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup.
  Enhancements:
  * All kubernetes sidecars (external provisioner, snapshotter, resizer, etc.) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version.
  * snapshot API support has been lifted to GA version in this release.
  * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations.
  * New feature gates are enabled (HonorPVReclaimPolicy, etc.) in the sidecar deployments.
  Bug Fixes:
  * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
  * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
  * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
  * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on.
The following package changes have been done:

- csi-external-snapshotter-6.0.1-150300.3.3.1 updated

From sle-updates at lists.suse.com Wed Oct 26 07:24:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:24:49 +0200 (CEST)
Subject: SUSE-CU-2022:2701-1: Security update of ses/7.1/ceph/prometheus-alertmanager
Message-ID: <20221026072449.93E11F78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2701-1
Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.252 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific
Container Release : 3.2.252
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-alertmanager was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.53 updated

From sle-updates at lists.suse.com Wed Oct 26 07:25:59 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:25:59 +0200 (CEST)
Subject: SUSE-CU-2022:2707-1: Security update of ses/7.1/ceph/prometheus-snmp_notifier
Message-ID: <20221026072559.EF547F78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2707-1
Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.234 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific
Container Release : 2.2.234
Severity : critical
Type : security
References : 1047178 1189282 1189802 1195773 1199140 1199492 1199895 1200993 1201092 1201576 1201638 1201680 1201783 1201942 1201972 1203018 1203649 1204357 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737
-----------------------------------------------------------------

The container ses/7.1/ceph/prometheus-snmp_notifier was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:

This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:

- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.

zypper:

- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:

Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
(bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released: Tue Oct 11 16:17:38 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libzypp-17.31.2-150200.45.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.15.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- zypper-1.14.57-150200.39.1 updated
- container:sles15-image-15.0.0-17.20.53 updated

From sle-updates at lists.suse.com Wed Oct 26 07:27:01 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:27:01 +0200 (CEST)
Subject: SUSE-CU-2022:2710-1: Recommended update of ses/7.1/rook/ceph
Message-ID: <20221026072701.3314FF78D@maintenance.suse.de>

SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2710-1
Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.206 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release : 4.5.206
Severity : important
Type : recommended
References : 1203599 1204072
-----------------------------------------------------------------

The container ses/7.1/rook/ceph was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3720-1
Released: Tue Oct 25 10:56:12 2022
Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm
Type: recommended
Severity: important
References: 1203599,1204072

This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook, rook-helm fixes the following issues:

- Regular upgrade bsc#1204072
- Due to bsc#1203599 we need to build with go1.18
- Update to v1.10.1
  Rook v1.10.1 is a patch release limited in scope and focusing on feature additions and bug fixes to the Ceph operator.
  * nfs: Add support for NFS snapshots, restore clone & resize
  * docs: Warn to upgrade Helm chart to 1.9.10 before upgrading to K8s 1.25
  * operator: Improve ProbeHandler error message
  * helm: Set OBC storageclass name to correct namespace. If the operator is in a different namespace from the cluster, will require deleting the OBC storage class before upgrade.
  * manifest: Fix unexpected end of stream
  * rbd-mirror: Move volume replication sidecar to CSI-Addons
  * csi: Trigger CSI driver reconcile for every update to the configmap rook-ceph-operator-config
  * csi: Use cephcsi image for nfs nodeserver + holder design
  * osd: Small refactor for maintainability
  * csi: Change the default fsgroup policy for CSI driver object to File
  * csi: Fix holder pod creation in openshift multus cluster
  * docs: Sharing a CephFS PVC across namespaces
  * docs: Add example for configuring pg_num and pgp_num
  * osd: Disallow to create OSDs on an LV with metadata device
  * docs: Add missed sssdConfigFile params for NFS CRD
- Upgrade to v1.10
  To upgrade from previous versions of Rook, see the Ceph upgrade guide.
  - Breaking Changes
    - Remove support for Ceph Octopus (v15). Before upgrading to v1.10 please confirm you are running on at least v16.
    - Minimum K8s version supported is v1.19.
  - Features
    - The Ceph-CSI driver v3.7 is the default driver configured with Rook. See all the new CSI features in the v3.7 release notes.
    - Added support for AWS Server Side Encryption with AWS-SSE:S3 for RGW.
    - Added customEndpoints setting to specify a list of custom endpoint list for Object Multi-site connections in the CephObjectZone CR.
    - Support OSDs on logical volumes in host-based clusters in addition to raw volumes and partitions.
    - The toolbox pod now uses the Ceph image directly instead of the Rook image. This allows the same version of Ceph to be available in the toolbox as in your cluster.
  - Krew Plugin v0.2
    See the new tools in the Rook Krew Plugin released recently in v0.2 as well:
    - Show the health of the Rook cluster: kubectl rook-ceph health
    - Connect to a Mon or OSD pod in debug mode: kubectl rook-ceph debug rook-ceph-osd-0
- Update to 3.7.0
  Features:
  * KMIP integration for RBD PVC encryption
    * The Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Ceph-CSI can now be configured to connect to various KMS using KMIP for encrypting RBD volumes.
  * NFS
    * Added support for volume expansion, snapshot, restore and clone.
    * Added NFS nodeserver within CephCSI with support for pod networking with nsenter.
  * Support enabling PV and snapshot metadata on the RBD images and CephFS subvolumes
    * For persistent volumes, clones and volume restores we support adding PVName/PVCName/PVCNamespace and ClusterName details
    * For snapshot volumes we support adding snapshot-name/snapshot-namespace/snapshotcontent-name and ClusterName details
  * Shallow Read Only support for Ceph CSI driver:
    * cephfs-csi exposes CephFS snapshots as shallow, read-only volumes, without needing to clone the underlying snapshot data which enables users to Restore snapshots selectively - users may want to traverse snapshots, restoring data to a writable volume more selectively instead of restoring the whole snapshot and this feature also helps to perform more efficient Volume backup.
  Enhancements:
  * All kubernetes sidecars (external provisioner, snapshotter, resizer, etc.) are rebased to latest available versions. Along with other dependency module updates this release consumes go-ceph v0.17.0 and kubernetes 1.24.4 version.
  * snapshot API support has been lifted to GA version in this release.
  * From this release onwards, the CSI driver makes use of File fsgroup policy for its fsgroup based operations.
  * New feature gates are enabled (HonorPVReclaimPolicy, etc.) in the sidecar deployments.
  Bug Fixes:
  * While mounting the volume, CSI drivers no longer open world wide permission on mount path ( See ).
  * Support linux kernels <=4.11.0, /sys/bus/rbd/supported_features is part of Linux kernel v4.11.0, prepare the supported feature attributes and use them in case if supported_features file is missing (See #2678)
  * Fix volume healer for StagingTargetPath issue for Kubernetes 1.24 (See #3176)
  * RBACs are restricted to a great extent in this release version compared to previous. The CSI driver operates on least required RBAC in a cluster from now on.
The following package changes have been done:

- rook-k8s-yaml-1.10.1+git16.a83ed27c4-150300.3.6.1 updated
- rook-1.10.1+git16.a83ed27c4-150300.3.6.1 updated

From sle-updates at lists.suse.com Wed Oct 26 07:36:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:36:10 +0200 (CEST)
Subject: SUSE-CU-2022:2711-1: Security update of suse/sles12sp4
Message-ID: <20221026073610.A911FF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2711-1
Container Tags : suse/sles12sp4:26.518 , suse/sles12sp4:latest
Container Release : 26.518
Severity : important
Type : security
References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3717-1
Released: Tue Oct 25 10:17:36 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
The following package changes have been done:

- base-container-licenses-3.0-1.320 updated
- container-suseconnect-2.0.0-1.206 updated
- libxml2-2-2.9.4-46.59.2 updated

From sle-updates at lists.suse.com Wed Oct 26 07:43:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:43:29 +0200 (CEST)
Subject: SUSE-CU-2022:2712-1: Security update of suse/sles12sp5
Message-ID: <20221026074329.38C1AF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2712-1
Container Tags : suse/sles12sp5:6.5.390 , suse/sles12sp5:latest
Container Release : 6.5.390
Severity : important
Type : security
References : 1201978 1204366 1204367 CVE-2016-3709 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3717-1
Released: Tue Oct 25 10:17:36 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
The following package changes have been done:

- libxml2-2-2.9.4-46.59.2 updated

From sle-updates at lists.suse.com Wed Oct 26 07:47:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 09:47:50 +0200 (CEST)
Subject: SUSE-CU-2022:2715-1: Security update of bci/golang
Message-ID: <20221026074750.2356DF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2715-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-18.7
Container Release : 18.7
Severity : important
Type : security
References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193742 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204023 1204024 1204025 1204366 1204367 CVE-2022-2879 CVE-2022-2880 CVE-2022-40303 CVE-2022-40304 CVE-2022-41715
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance.
  (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell.
  (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3668-1
Released: Wed Oct 19 21:34:58 2022
Summary: Security update for go1.18
Type: security
Severity: important
References: 1193742,1204023,1204024,1204025,CVE-2022-2879,CVE-2022-2880,CVE-2022-41715

This update for go1.18 fixes the following issues:

Updated to version 1.18.7 (bsc#1193742):

- CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023).
- CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024).
- CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - 
libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - 
timezone-2022a-150000.75.10.1 added - go1.18-1.18.7-150000.1.34.1 updated - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:49:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:49:02 +0200 (CEST) Subject: SUSE-CU-2022:2716-1: Security update of bci/golang Message-ID: <20221026074902.DE826F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2716-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.7 , bci/golang:latest Container Release : 18.7 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1200441 1201293 1202117 1202148 1202870 1203046 1203069 1204023 1204024 1204025 1204366 1204367 CVE-2022-2879 CVE-2022-2880 CVE-2022-40303 CVE-2022-40304 CVE-2022-41715 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3669-1 Released: Wed Oct 19 21:35:23 2022 Summary: Security update for go1.19 Type: security Severity: important References: 1200441,1204023,1204024,1204025,CVE-2022-2879,CVE-2022-2880,CVE-2022-41715 This update for go1.19 fixes the following issues: Updated to version 1.19.2 (bsc#1200441): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). 
- CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - 
libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - 
timezone-2022a-150000.75.10.1 added - go1.19-1.19.2-150000.1.12.1 updated - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:50:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:50:18 +0200 (CEST) Subject: SUSE-CU-2022:2717-1: Security update of bci/bci-init Message-ID: <20221026075018.49049F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2717-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.7 , bci/bci-init:latest Container Release : 24.7 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - 
libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - netcfg-11.6-3.3.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - libp11-kit0-0.23.22-150400.1.10 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:51:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:51:59 +0200 (CEST) Subject: SUSE-CU-2022:2720-1: Security update of bci/nodejs Message-ID: <20221026075159.74B94F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2720-1 Container Tags : bci/node:14 , bci/node:14-35.6 , bci/nodejs:14 , bci/nodejs:14-35.6 Container Release : 35.6 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 
added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - 
pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - netcfg-11.6-3.3.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:52:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:52:38 +0200 (CEST) Subject: SUSE-CU-2022:2721-1: Security update of bci/nodejs Message-ID: <20221026075238.3A9F9F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2721-1 Container Tags : bci/node:16 , bci/node:16-11.6 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.6 , bci/nodejs:latest Container Release : 11.6 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1201325 1201327 1202117 1202148 1202870 1203046 1203069 1203831 1203832 1204366 1204367 CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3656-1 Released: Wed Oct 19 12:34:38 2022 Summary: Security update for nodejs16 Type: security Severity: important References: 1201325,1201327,1203831,1203832,CVE-2022-32213,CVE-2022-32215,CVE-2022-35255,CVE-2022-35256 This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - 
liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - 
util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - netcfg-11.6-3.3.1 added - timezone-2022a-150000.75.10.1 added - nodejs16-16.17.1-150400.3.9.1 updated - npm16-16.17.1-150400.3.9.1 updated - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:54:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:54:58 +0200 (CEST) Subject: SUSE-CU-2022:2722-1: Security update of bci/openjdk-devel Message-ID: <20221026075458.33B7DF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2722-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.11 , bci/openjdk-devel:latest Container Release : 36.11 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1203438 1204366 1204367 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - 
libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libglib-2_0-0-2.70.4-150400.1.5 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - 
aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - libp11-kit0-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - p11-kit-tools-0.23.22-150400.1.10 added - openssl-1_1-1.1.1l-150400.7.10.5 added - ca-certificates-2+git20210309.21162a6-2.1 added - file-5.32-7.14.1 added - javapackages-filesystem-5.3.0-1.36 added - libX11-data-1.6.5-3.21.1 added - libXau6-1.0.8-1.26 added - libasound2-1.2.6.1-150400.1.4 added - libexpat1-2.4.4-150400.3.9.1 added - libfreebl3-3.79.1-150400.3.10.2 added - libfreebl3-hmac-3.79.1-150400.3.10.2 added - libgif7-5.2.1-150000.4.8.1 added - libgraphite2-3-1.3.11-2.12 added - libjpeg8-8.2.2-150400.15.9 added - liblcms2-2-2.12-150400.1.10 added - libpcsclite1-1.9.4-150400.1.9 added - libpng16-16-1.6.34-3.9.1 added - mozilla-nspr-4.34-150000.3.23.1 added - update-alternatives-1.19.0.4-4.3.1 added - javapackages-tools-5.3.0-1.36 added - libxcb1-1.13-150000.3.9.1 added - libfreetype6-2.10.4-150000.4.12.1 added - mozilla-nss-certs-3.79.1-150400.3.10.2 added - libX11-6-1.6.5-3.21.1 added - libharfbuzz0-3.4.0-150400.3.3.1 added - fontconfig-2.13.1-150400.1.4 added - libfontconfig1-2.13.1-150400.1.4 added - libsoftokn3-3.79.1-150400.3.10.2 added - mozilla-nss-3.79.1-150400.3.10.2 added - libXrender1-0.9.10-1.30 added - libXext6-1.3.3-1.30 added - libsoftokn3-hmac-3.79.1-150400.3.10.2 added - java-11-openjdk-headless-11.0.16.0-150000.3.83.1 added - libXtst6-1.2.3-1.24 added - libXi6-1.7.9-3.2.1 added - java-11-openjdk-11.0.16.0-150000.3.83.1 added - container:bci-openjdk-11-15.4-32.5 updated From sle-updates at lists.suse.com Wed Oct 26 07:57:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 09:57:05 +0200 (CEST) Subject: SUSE-CU-2022:2723-1: Security update of bci/openjdk Message-ID: 
<20221026075705.B22F3F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2723-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.5 , bci/openjdk:latest Container Release : 32.5 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - 
libglib-2_0-0-2.70.4-150400.1.5 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - libp11-kit0-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - p11-kit-tools-0.23.22-150400.1.10 added - openssl-1_1-1.1.1l-150400.7.10.5 added - ca-certificates-2+git20210309.21162a6-2.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 08:17:36 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 10:17:36 +0200 (CEST) Subject: SUSE-CU-2022:2723-1: Security update of bci/openjdk Message-ID: <20221026081736.857DDF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2723-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.5 , bci/openjdk:latest Container Release : 32.5 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - 
libglib-2_0-0-2.70.4-150400.1.5 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - libp11-kit0-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - p11-kit-tools-0.23.22-150400.1.10 added - openssl-1_1-1.1.1l-150400.7.10.5 added - ca-certificates-2+git20210309.21162a6-2.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 08:18:32 2022 From: sle-updates at 
lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 10:18:32 +0200 (CEST) Subject: SUSE-CU-2022:2724-1: Security update of bci/python Message-ID: <20221026081832.D56D4F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2724-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.5 , bci/python:latest Container Release : 7.5 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - 
libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - timezone-2022a-150000.75.10.1 added - curl-7.79.1-150400.5.6.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - libp11-kit0-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - p11-kit-tools-0.23.22-150400.1.10 added - openssl-1_1-1.1.1l-150400.7.10.5 added - ca-certificates-2+git20210309.21162a6-2.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 08:19:44 
2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 10:19:44 +0200 (CEST) Subject: SUSE-CU-2022:2725-1: Security update of bci/python Message-ID: <20221026081944.53A25F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2725-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.5 Container Release : 30.5 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - 
libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - timezone-2022a-150000.75.10.1 added - curl-7.79.1-150400.5.6.1 added - libffi7-3.2.1.git259-10.8 added - crypto-policies-20210917.c9d86d1-150400.1.7 added - libp11-kit0-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - p11-kit-tools-0.23.22-150400.1.10 added - openssl-1_1-1.1.1l-150400.7.10.5 added - ca-certificates-2+git20210309.21162a6-2.1 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 08:21:34 
2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 10:21:34 +0200 (CEST) Subject: SUSE-CU-2022:2726-1: Security update of bci/ruby Message-ID: <20221026082134.41358F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2726-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.5 , bci/ruby:latest Container Release : 31.5 Severity : important Type : security References : 1121365 1180995 1182983 1190651 1190653 1190700 1190888 1191020 1193859 1198471 1198472 1199492 1201293 1202117 1202148 1202870 1203046 1203069 1204366 1204367 CVE-2022-40303 CVE-2022-40304 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libsqlite3-0-3.39.3-150000.3.17.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libjitterentropy3-3.4.0-150000.1.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - 
libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.10.1 added - libsystemd0-249.12-150400.8.10.1 added - libopenssl1_1-1.1.1l-150400.7.10.5 added - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sles-release-15.4-150400.55.1 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - rpm-ndb-4.14.3-150300.49.1 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - timezone-2022a-150000.75.10.1 added - curl-7.79.1-150400.5.6.1 added - libffi7-3.2.1.git259-10.8 added - container:sles15-image-15.0.0-27.14.5 updated From sle-updates at lists.suse.com Wed Oct 26 10:23:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 12:23:11 +0200 (CEST) Subject: SUSE-RU-2022:3733-1: moderate: Recommended update for libheif Message-ID: <20221026102311.03367FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for libheif 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3733-1 Rating: moderate References: #1199987 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libheif fixes the following issues: - Add missing gdk-pixbuf loader scriptlets (bsc#1199987) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3733=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3733=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-libheif-1.12.0-150400.3.3.1 gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.3.1 libheif-debugsource-1.12.0-150400.3.3.1 libheif-devel-1.12.0-150400.3.3.1 libheif1-1.12.0-150400.3.3.1 libheif1-debuginfo-1.12.0-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libheif1-32bit-1.12.0-150400.3.3.1 libheif1-32bit-debuginfo-1.12.0-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libheif-debugsource-1.12.0-150400.3.3.1 libheif1-1.12.0-150400.3.3.1 libheif1-debuginfo-1.12.0-150400.3.3.1 References: https://bugzilla.suse.com/1199987 From sle-updates at lists.suse.com Wed Oct 26 11:15:04 2022 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 26 Oct 2022 13:15:04 +0200 (CEST) Subject: SUSE-CU-2022:2727-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20221026111504.0DD38FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2727-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.10.1 Severity : critical Type : security References : 1047178 1121365 1180995 1182983 1189282 1189802 1190651 1190653 1190700 1190888 1191020 1191857 1193859 1195624 1195773 1196729 1197027 1198168 1198471 1198472 1198523 1198752 1198903 1199140 1199492 1199726 1199895 1200480 1200573 1200629 1200800 1200993 1201092 1201210 1201220 1201260 1201293 1201576 1201589 1201626 1201638 1201680 1201753 1201783 1201788 1201913 1201918 1201942 1201972 1202117 1202148 1202271 1202272 1202367 1202455 1202464 1202602 1202624 1202728 1202729 1202805 1202870 1202899 1203018 1203026 1203046 1203049 1203056 1203069 1203169 1203287 1203288 1203385 1203406 1203422 1203438 1203449 1203478 1203484 1203564 1203585 1203611 1203649 1204244 1204357 1204366 1204367 CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2021-46828 CVE-2022-0860 CVE-2022-31129 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3220-1 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader.
Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore.
To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3750-1 Released: Wed Oct 26 10:45:25 2022 Summary: Maintenance update for SUSE Manager 4.3: Server and Proxy Type: security Severity: moderate References: 1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129 Maintenance update for SUSE Manager 4.3: Server and Proxy The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - glibc-2.31-150300.41.1 updated - perl-base-5.26.1-150300.17.11.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 updated - libksba8-1.3.5-150000.4.3.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libstdc++6-11.3.0+git1637-150000.1.11.2 updated - libxml2-2-2.9.14-150400.5.10.1 updated - libopenssl1_1-1.1.1l-150400.7.10.5 updated - libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated - libzck1-1.1.16-150400.3.2.1 added - libtirpc3-1.2.6-150300.3.14.1 updated - permissions-20201225-150400.5.11.1 updated - libzypp-17.31.2-150400.3.9.1 updated - zypper-1.14.57-150400.3.9.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libdevmapper1_03-1.02.163-150400.178.1 updated - libexpat1-2.4.4-150400.3.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.30.1 updated - python3-base-3.6.15-150300.10.30.1 updated - python3-3.6.15-150300.10.30.1 updated - python3-uyuni-common-libs-4.3.6-150400.3.6.4 updated - python3-rpm-4.14.3-150300.49.1 updated - 
spacewalk-backend-4.3.16-150400.3.6.8 updated - python3-libxml2-2.9.14-150400.5.10.1 updated - python3-spacewalk-client-tools-4.3.12-150400.3.6.6 updated - spacewalk-client-tools-4.3.12-150400.3.6.6 updated - susemanager-tftpsync-recv-4.3.7-150400.3.3.3 updated From sle-updates at lists.suse.com Wed Oct 26 11:15:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 13:15:19 +0200 (CEST) Subject: SUSE-CU-2022:2728-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20221026111519.9B444FDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2728-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.2 , suse/manager/4.3/proxy-salt-broker:4.3.2.9.9.1 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.9.1 Severity : critical Type : security References : 1047178 1121365 1180995 1181994 1182983 1188006 1189282 1189802 1190651 1190653 1190700 1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199079 1199140 1199492 1199895 1200800 1200993 1201092 1201293 1201576 1201638 1201680 1201783 1201942 1201972 1202117 1202148 1202624 1202868 1202870 1203018 1203046 1203069 1203438 1203649 1204244 1204357 1204366 1204367 CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-3515 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3220-1 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 
Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3544-1 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Type: security Severity: important References: 1202624,CVE-2021-28861 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specific directory
'/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). 

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libksba8-1.3.5-150000.4.3.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libzck1-1.1.16-150400.3.2.1 added
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- libzypp-17.31.2-150400.3.9.1 updated
- zypper-1.14.57-150400.3.9.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- openssl-1_1-1.1.1l-150400.7.10.5 updated
- ca-certificates-mozilla-2.56-150200.24.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Wed Oct 26 11:15:33 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 13:15:33 +0200 (CEST)
Subject: SUSE-CU-2022:2729-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20221026111533.0E798FDB8@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2729-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.2 , suse/manager/4.3/proxy-squid:4.3.2.9.9.1 , suse/manager/4.3/proxy-squid:latest
Container Release : 9.9.1
Severity : important
Type : security
References : 1047178 1121365 1180995 1182983 1189802 1190651 1190653 1190700 1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199140 1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148 1202870 1203018 1203046 1203069 1204366 1204367 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-squid was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated

From sle-updates at lists.suse.com Wed Oct 26 11:15:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 13:15:46 +0200 (CEST)
Subject: SUSE-CU-2022:2730-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20221026111546.833BEFDB8@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2730-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.2 , suse/manager/4.3/proxy-ssh:4.3.2.9.9.1 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.9.1
Severity : important
Type : security
References : 1047178 1121365 1180995 1182983 1189802 1190651 1190653 1190700 1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199140 1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148 1202624 1202870 1203018 1203046 1203069 1203438 1204366 1204367 CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Wed Oct 26 11:16:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 13:16:02 +0200 (CEST)
Subject: SUSE-CU-2022:2731-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20221026111602.DBD18FDB8@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2731-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.2 , suse/manager/4.3/proxy-tftpd:4.3.2.9.9.1 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.9.1
Severity : important
Type : security
References : 1047178 1121365 1180995 1181994 1182983 1188006 1189802 1190651 1190653 1190700 1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199079 1199140 1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148 1202624 1202868 1202870 1203018 1203046 1203069 1203438 1204366 1204367 CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512

This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252

This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

- Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
- Removed:
  - Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

- Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
- Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

- Added:
  - HARICA Client ECC Root CA 2021
  - HARICA Client RSA Root CA 2021
  - HARICA TLS ECC Root CA 2021
  - HARICA TLS RSA Root CA 2021
  - TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CAs:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942

This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1202624,CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released: Fri Oct 7 17:03:55 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1182983,1190700,1191020,1202117

This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
  * Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1199492

This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- openssl-1_1-1.1.1l-150400.7.10.5 updated
- ca-certificates-mozilla-2.56-150200.24.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

From sle-updates at lists.suse.com Wed Oct 26 13:24:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 15:24:49 +0200 (CEST)
Subject: SUSE-SU-2022:3735-1: important: Security update for telnet
Message-ID: <20221026132449.28346FDB8@maintenance.suse.de>

SUSE Security Update: Security update for telnet
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3735-1
Rating: important
References: #1203759
Cross-References: CVE-2022-39028
CVSS scores:
    CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Server 12-SP2-BCL
    SUSE Linux Enterprise Server 12-SP3-BCL
    SUSE Linux Enterprise Server 12-SP4-LTSS
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE OpenStack Cloud 9
    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for telnet fixes the following issues:

- CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:

    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3735=1

- SUSE OpenStack Cloud 9:

    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3735=1

- SUSE Linux Enterprise Server for SAP 12-SP4:

    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3735=1

- SUSE Linux Enterprise Server 12-SP5:

    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3735=1

- SUSE Linux Enterprise Server 12-SP4-LTSS:

    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3735=1

- SUSE Linux Enterprise Server 12-SP3-BCL:

    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3735=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3735=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE OpenStack Cloud 9 (x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

    telnet-1.2-167.10.1
    telnet-debuginfo-1.2-167.10.1
    telnet-debugsource-1.2-167.10.1
    telnet-server-1.2-167.10.1
    telnet-server-debuginfo-1.2-167.10.1

- SUSE Linux Enterprise Server
12-SP2-BCL (x86_64): telnet-1.2-167.10.1 telnet-debuginfo-1.2-167.10.1 telnet-debugsource-1.2-167.10.1 telnet-server-1.2-167.10.1 telnet-server-debuginfo-1.2-167.10.1 References: https://www.suse.com/security/cve/CVE-2022-39028.html https://bugzilla.suse.com/1203759 From sle-updates at lists.suse.com Wed Oct 26 13:25:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:25:39 +0200 (CEST) Subject: SUSE-SU-2022:3769-1: important: Security update for curl Message-ID: <20221026132539.EF2CDFDB8@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3769-1 Rating: important References: #1204383 Cross-References: CVE-2022-32221 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3769=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3769=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.49.1 curl-debugsource-7.60.0-11.49.1 libcurl-devel-7.60.0-11.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.49.1 curl-debuginfo-7.60.0-11.49.1 curl-debugsource-7.60.0-11.49.1 libcurl4-7.60.0-11.49.1 libcurl4-debuginfo-7.60.0-11.49.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.49.1 libcurl4-debuginfo-32bit-7.60.0-11.49.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://bugzilla.suse.com/1204383 From sle-updates at lists.suse.com Wed Oct 26 13:26:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:26:21 +0200 (CEST) Subject: SUSE-SU-2022:3770-1: important: Security update for curl Message-ID: <20221026132621.DC930FDB8@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3770-1 Rating: important References: #1204383 Cross-References: CVE-2022-32221 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3770=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3770=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): curl-7.37.0-37.85.1 curl-debuginfo-7.37.0-37.85.1 curl-debugsource-7.37.0-37.85.1 libcurl4-32bit-7.37.0-37.85.1 libcurl4-7.37.0-37.85.1 libcurl4-debuginfo-32bit-7.37.0-37.85.1 libcurl4-debuginfo-7.37.0-37.85.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): curl-7.37.0-37.85.1 curl-debuginfo-7.37.0-37.85.1 curl-debugsource-7.37.0-37.85.1 libcurl4-32bit-7.37.0-37.85.1 libcurl4-7.37.0-37.85.1 libcurl4-debuginfo-32bit-7.37.0-37.85.1 libcurl4-debuginfo-7.37.0-37.85.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://bugzilla.suse.com/1204383 From sle-updates at lists.suse.com Wed Oct 26 13:27:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:27:06 +0200 (CEST) Subject: SUSE-SU-2022:3767-1: important: Recommended update for bind Message-ID: <20221026132706.89D7CFDB8@maintenance.suse.de> SUSE Security Update: Recommended update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3767-1 Rating: important References: #1201689 #1203250 #1203614 #1203618 #1203619 #1203620 SLE-24600 Cross-References: CVE-2022-2795 CVE-2022-3080 CVE-2022-38177 CVE-2022-38178 CVSS scores: CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3080 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3080 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38177 
(NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has two fixes is now available. Description: This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689). - Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250). - Feature Changes: - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL.
- Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system. - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed. - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed. - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated. - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3767=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3767=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3767=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bind-9.16.33-150400.5.11.1 bind-debuginfo-9.16.33-150400.5.11.1 bind-debugsource-9.16.33-150400.5.11.1 bind-utils-9.16.33-150400.5.11.1 bind-utils-debuginfo-9.16.33-150400.5.11.1 - openSUSE Leap 15.4 (noarch): bind-doc-9.16.33-150400.5.11.1 python3-bind-9.16.33-150400.5.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): bind-9.16.33-150400.5.11.1 bind-debuginfo-9.16.33-150400.5.11.1 bind-debugsource-9.16.33-150400.5.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): bind-doc-9.16.33-150400.5.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.33-150400.5.11.1 bind-debugsource-9.16.33-150400.5.11.1 bind-utils-9.16.33-150400.5.11.1 bind-utils-debuginfo-9.16.33-150400.5.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-bind-9.16.33-150400.5.11.1 References: https://www.suse.com/security/cve/CVE-2022-2795.html https://www.suse.com/security/cve/CVE-2022-3080.html https://www.suse.com/security/cve/CVE-2022-38177.html https://www.suse.com/security/cve/CVE-2022-38178.html https://bugzilla.suse.com/1201689 https://bugzilla.suse.com/1203250 https://bugzilla.suse.com/1203614 https://bugzilla.suse.com/1203618 https://bugzilla.suse.com/1203619 https://bugzilla.suse.com/1203620 From sle-updates at lists.suse.com Wed Oct 26 13:28:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:28:27 +0200 (CEST) Subject: 
SUSE-RU-2022:3743-1: moderate: Recommended update for golang-github-prometheus-alertmanager Message-ID: <20221026132827.CF972FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-github-prometheus-alertmanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3743-1 Rating: moderate References: #1200725 Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-github-prometheus-alertmanager fixes the following issues: - Do not include sources (bsc#1200725) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3743=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3743=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3743=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3743=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3743=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3743=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3743=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-alertmanager-0.23.0-150100.4.10.1 References: https://bugzilla.suse.com/1200725 From sle-updates at lists.suse.com Wed Oct 26 13:29:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:29:30 +0200 (CEST) Subject: SUSE-RU-2022:3748-1: moderate: Recommended update for salt Message-ID: <20221026132930.8C208FDD6@maintenance.suse.de> 
SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3748-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Module for Transactional Server 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Fix 'test_ipc' unit test - Fix Syndic authentication errors (bsc#1199562) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Fix the regression in schedule module released in version 3004 (bsc#1202631) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Make zypperpkg retry if RPM lock is temporarily unavailable (bsc#1200596) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3748=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2022-3748=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3748=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3748=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3748=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.14.1 salt-3004-150400.8.14.1 salt-api-3004-150400.8.14.1 salt-cloud-3004-150400.8.14.1 salt-doc-3004-150400.8.14.1 salt-master-3004-150400.8.14.1 salt-minion-3004-150400.8.14.1 salt-proxy-3004-150400.8.14.1 salt-ssh-3004-150400.8.14.1 salt-standalone-formulas-configuration-3004-150400.8.14.1 salt-syndic-3004-150400.8.14.1 salt-transactional-update-3004-150400.8.14.1 - openSUSE Leap 15.4 (noarch): salt-bash-completion-3004-150400.8.14.1 salt-fish-completion-3004-150400.8.14.1 salt-zsh-completion-3004-150400.8.14.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150400.8.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): salt-api-3004-150400.8.14.1 salt-cloud-3004-150400.8.14.1 salt-master-3004-150400.8.14.1 salt-proxy-3004-150400.8.14.1 salt-ssh-3004-150400.8.14.1 salt-standalone-formulas-configuration-3004-150400.8.14.1 salt-syndic-3004-150400.8.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): salt-fish-completion-3004-150400.8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.14.1 salt-3004-150400.8.14.1 salt-doc-3004-150400.8.14.1 
salt-minion-3004-150400.8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): salt-bash-completion-3004-150400.8.14.1 salt-zsh-completion-3004-150400.8.14.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): python3-salt-3004-150400.8.14.1 salt-3004-150400.8.14.1 salt-minion-3004-150400.8.14.1 salt-transactional-update-3004-150400.8.14.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:30:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:30:44 +0200 (CEST) Subject: SUSE-SU-2022:3750-1: moderate: Security update for SUSE Manager Proxy 4.3 Message-ID: <20221026133044.062CBFDD6@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Proxy 4.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3750-1 Rating: moderate References: #1198168 #1198903 #1200480 #1201589 #1201788 #1203287 #1203288 #1203585 Cross-References: CVE-2021-42740 CVE-2021-43138 CVE-2022-31129 CVSS scores: CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.3 ______________________________________________________________________________ An update that solves three vulnerabilities and has 5 fixes is now available. 
Description: This update fixes the following issues: mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-backend: - Version 4.3.16-1 * Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788) * Fix the condition of hiding the token from URL on logging * export armored GPG key to salt filesystem as well * Upgrade Cobbler requirement to 3.3.3 or later * Make reposync use the configured http proxy with mirrorlist (bsc#1198168) spacewalk-certs-tools: - Version 4.3.15-1 * fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings spacewalk-web: - Version 4.3.24-1 * Upgrade moment-timezone * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480) * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287) * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288) * Fix table header layout for unselectable tables susemanager-build-keys: - Add release and auxiliary GPG keys for RedHat - Add keys for Rocky Linux 9 * RPM-GPG-KEY-redhat-release * RPM-GPG-KEY-redhat-auxiliary * RPM-GPG-KEY-Rocky-9 susemanager-tftpsync-recv: - Version 4.3.7-1 * Add missing IPv6 default configuration (bsc#1201589) * fix problems with parallel running processes uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. 
Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3750=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (x86_64): python3-uyuni-common-libs-4.3.6-150400.3.6.4 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): mgr-daemon-4.3.6-150400.3.6.4 python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 python3-spacewalk-check-4.3.12-150400.3.6.6 python3-spacewalk-client-setup-4.3.12-150400.3.6.6 python3-spacewalk-client-tools-4.3.12-150400.3.6.6 spacecmd-4.3.15-150400.3.6.4 spacewalk-backend-4.3.16-150400.3.6.8 spacewalk-base-minimal-4.3.24-150400.3.6.4 spacewalk-base-minimal-config-4.3.24-150400.3.6.4 spacewalk-certs-tools-4.3.15-150400.3.6.2 spacewalk-check-4.3.12-150400.3.6.6 spacewalk-client-setup-4.3.12-150400.3.6.6 spacewalk-client-tools-4.3.12-150400.3.6.6 susemanager-build-keys-15.4.3-150400.3.6.1 susemanager-build-keys-web-15.4.3-150400.3.6.1 susemanager-tftpsync-recv-4.3.7-150400.3.3.3 References: https://www.suse.com/security/cve/CVE-2021-42740.html https://www.suse.com/security/cve/CVE-2021-43138.html https://www.suse.com/security/cve/CVE-2022-31129.html https://bugzilla.suse.com/1198168 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1200480 https://bugzilla.suse.com/1201589 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1203287 https://bugzilla.suse.com/1203288 https://bugzilla.suse.com/1203585 From sle-updates at lists.suse.com Wed Oct 26 13:32:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:32:31 +0200 (CEST) Subject: SUSE-RU-2022:3744-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: 
<20221026133231.C489EFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3744-1 Rating: moderate References: #1198903 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-3744=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (all): spacecmd-4.3.15-2.9.1 References: https://bugzilla.suse.com/1198903 From sle-updates at lists.suse.com Wed Oct 26 13:33:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:33:43 +0200 (CEST) Subject: SUSE-SU-2022:3745-1: moderate: Security update for golang-github-prometheus-node_exporter Message-ID: <20221026133343.E8884FDD6@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-node_exporter ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3745-1 Rating: moderate References: #1196338 SLE-24238 SLE-24239 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability, contains two features is now available. Description: This update for golang-github-prometheus-node_exporter fixes the following issues: (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3745=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3745=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3745=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3745=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3745=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3745=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3745=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3745=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3745=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3745=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3745=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3745=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3745=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3745=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3745=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3745=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3745=1 - SUSE Enterprise Storage 7: zypper in -t patch 
SUSE-Storage-7-2022-3745=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3745=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Manager Proxy 4.1 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): 
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 - SUSE CaaS Platform 4.0 (x86_64): golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1196338 From sle-updates at lists.suse.com Wed Oct 26 13:34:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:34:55 +0200 (CEST) Subject: SUSE-RU-2022:15083-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026133455.DFBC3FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15083-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description:

This update fixes the following issues:

venv-salt-minion:

- Remove kiwi python module from the bundle as no longer required
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Don't include kiwi binaries
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Add SELinux profile to the package instead of using semanage
- Remove Build ID links from the virtual environment and disable generating new links on building the package
- Remove packages.log from the virtual environment
- Fix test_ipc unit test

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202209-15083=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.14.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:35:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:35:57 +0200 (CEST) Subject: SUSE-RU-2022:15079-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221026133557.7BBDCFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15079-1 Rating: moderate References: #1195624 #1198903 #1199562 #1200122 #1200149 #1200163 #1200596 #1202165 #1202167 #1202631 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 10 recommended fixes and contains one feature can now be installed. 
Description:

This update fixes the following issues:

salt:

- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test

scap-security-guide:

- Updated to 0.1.63 (jsc#ECO-3319)
- multiple bugfixes in SUSE profiles
- Expand project guidelines
- Add Draft OCP4 STIG profile
- Add anssi_bp28_intermediary profile
- add products/uos20 to support UnionTech OS Server 20
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
- Remove WRLinux Products
- Update CIS RHEL8 Benchmark for v2.0.0
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)

spacecmd:

- Version 4.3.15-1
  * Process date values in spacecmd api calls (bsc#1198903)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202209-15079=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+125.1 salt-minion-3004+ds-1+125.1 scap-security-guide-ubuntu-0.1.63-23.1 spacecmd-4.3.15-53.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:37:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:37:18 +0200 (CEST) Subject: SUSE-RU-2022:3749-1: moderate: Recommended update for Salt Message-ID: <20221026133718.6A41BFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3749-1 Rating: moderate References: #1200596 #1202167 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Manager Tools 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. 
Description: This update fixes the following issues: salt: - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3749=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-3749=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-71.2 python3-salt-3000-71.2 salt-3000-71.2 salt-doc-3000-71.2 salt-minion-3000-71.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-71.2 salt-3000-71.2 salt-api-3000-71.2 salt-cloud-3000-71.2 salt-doc-3000-71.2 salt-master-3000-71.2 salt-minion-3000-71.2 salt-proxy-3000-71.2 salt-ssh-3000-71.2 salt-standalone-formulas-configuration-3000-71.2 salt-syndic-3000-71.2 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-71.2 salt-zsh-completion-3000-71.2 References: https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202167 From sle-updates at lists.suse.com Wed Oct 26 13:38:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:38:10 +0200 (CEST) Subject: SUSE-SU-2022:3765-1: important: Security update for grafana Message-ID: <20221026133810.A6B9AFDD6@maintenance.suse.de> SUSE Security Update: Security update for grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3765-1 Rating: important References: #1195726 #1195727 #1195728 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24565 Cross-References: CVE-2022-21702 
CVE-2022-21703 CVE-2022-21713 CVE-2022-31097 CVE-2022-31107
CVSS scores:
    CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
    CVE-2022-21703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
    CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
    CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 5 vulnerabilities, contains three features is now available.

Description:

This update for grafana fixes the following issues:

Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):

- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting (bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability (bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source (bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3765=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3765=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grafana-8.3.10-150200.3.26.1 grafana-debuginfo-8.3.10-150200.3.26.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grafana-8.3.10-150200.3.26.1 grafana-debuginfo-8.3.10-150200.3.26.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): grafana-8.3.10-150200.3.26.1 References: https://www.suse.com/security/cve/CVE-2022-21702.html https://www.suse.com/security/cve/CVE-2022-21703.html https://www.suse.com/security/cve/CVE-2022-21713.html https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://bugzilla.suse.com/1195726 https://bugzilla.suse.com/1195727 https://bugzilla.suse.com/1195728 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 From sle-updates at lists.suse.com Wed Oct 26 13:39:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:39:35 +0200 (CEST) Subject: SUSE-SU-2022:3774-1: important: Security update for curl Message-ID: <20221026133935.507B2FDD6@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3774-1 Rating: important References: #1202593 #1204383 Cross-References: CVE-2022-32221 CVE-2022-35252 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-35252 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS 
Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3774=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3774=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3774=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3774=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3774=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3774=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3774=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3774=1
- SUSE Linux Enterprise High Performance
Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3774=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3774=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 
curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 
libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 - SUSE Enterprise Storage 6 (x86_64): libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 - SUSE CaaS Platform 4.0 (x86_64): curl-7.60.0-150000.38.1 curl-debuginfo-7.60.0-150000.38.1 curl-debugsource-7.60.0-150000.38.1 libcurl-devel-7.60.0-150000.38.1 libcurl4-32bit-7.60.0-150000.38.1 libcurl4-32bit-debuginfo-7.60.0-150000.38.1 libcurl4-7.60.0-150000.38.1 libcurl4-debuginfo-7.60.0-150000.38.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://www.suse.com/security/cve/CVE-2022-35252.html https://bugzilla.suse.com/1202593 https://bugzilla.suse.com/1204383 From sle-updates at lists.suse.com Wed Oct 26 13:40:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:40:33 +0200 (CEST) Subject: SUSE-RU-2022:3758-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026134033.CDBF9FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3758-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description:

This update fixes the following issues:

venv-salt-minion:

- Remove kiwi python module from the bundle as no longer required
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Don't include kiwi binaries
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Add SELinux profile to the package instead of using semanage
- Remove Build ID links from the virtual environment and disable generating new links on building the package
- Remove packages.log from the virtual environment
- Fix test_ipc unit test

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-3758=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.14.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:41:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:41:33 +0200 (CEST) Subject: SUSE-RU-2022:3762-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221026134133.74948FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3762-1 Rating: moderate References: #1195624 #1198903 #1199562 #1200122 #1200149 #1200163 #1200596 #1202165 #1202167 #1202631 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has 10 recommended fixes and contains one feature can now be installed. 
Description:

This update fixes the following issues:

salt:

- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test

scap-security-guide:

- Updated to 0.1.63 (jsc#ECO-3319)
- multiple bugfixes in SUSE profiles
- Expand project guidelines
- Add Draft OCP4 STIG profile
- Add anssi_bp28_intermediary profile
- add products/uos20 to support UnionTech OS Server 20
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
- Remove WRLinux Products
- Update CIS RHEL8 Benchmark for v2.0.0
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)

spacecmd:

- Version 4.3.15-1
  * Process date values in spacecmd api calls (bsc#1198903)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-3762=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.64.1 salt-minion-3004+ds-1+2.64.1 scap-security-guide-debian-0.1.63-2.24.1 spacecmd-4.3.15-2.36.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:43:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:43:05 +0200 (CEST) Subject: SUSE-RU-2022:3750-1: moderate: Recommended update for python-magic Message-ID: <20221026134305.440DFFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-magic ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3750-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 
openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for python-magic provides the following fix: - Ship the correct versions of python-magic on SUSE Manager repositories (no source changes). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3750=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3750=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3750=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3750=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3750=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-150000.7.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python2-magic-5.32-150000.7.16.1 python3-magic-5.32-150000.7.16.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python2-magic-5.32-150000.7.16.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-150000.7.16.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python3-magic-5.32-150000.7.16.1 References: From sle-updates at lists.suse.com Wed Oct 26 13:43:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:43:47 +0200 (CEST) Subject: SUSE-RU-2022:15084-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026134347.5A9B6FDD6@maintenance.suse.de> SUSE Recommended Update: 
Recommended update for SUSE Manager Salt Bundle
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:15084-1
Rating: moderate
References: #1200122 #1200149 #1200163 #1204206 ECO-3319
Affected Products:
    SUSE Manager Ubuntu 22.04-CLIENT-TOOLS
______________________________________________________________________________

An update that has four recommended fixes and contains one feature can now be installed.

Description:

This update fixes the following issues:

venv-salt-minion:

- Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206)
- Provide the venv-salt-minion for Ubuntu22.04

scap-security-guide:

- Provide scap-security-guide version 0.1.63 (jsc#ECO-3319)
- multiple bugfixes in SUSE profiles
- Expand project guidelines
- Add Draft OCP4 STIG profile
- Add anssi_bp28_intermediary profile
- add products/uos20 to support UnionTech OS Server 20
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
- Remove WRLinux Products
- Update CIS RHEL8 Benchmark for v2.0.0
- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202209-15084=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.5.1 References: https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Wed Oct 26 13:44:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:44:37 +0200 (CEST) Subject: SUSE-RU-2022:15077-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221026134437.71954FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15077-1 Rating: moderate References: #1198903 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202209-15077=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (all): scap-security-guide-ubuntu-0.1.63-2.3.1 spacecmd-4.3.15-2.6.1 References: https://bugzilla.suse.com/1198903 From sle-updates at lists.suse.com Wed Oct 26 13:45:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:45:29 +0200 (CEST) Subject: SUSE-RU-2022:3737-1: moderate: Recommended update for salt Message-ID: <20221026134529.2FAEFFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3737-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for salt fixes the following issues: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Fix 'test_ipc' unit test - Fix Syndic authentication errors (bsc#1199562) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Fix the regression in schedule module released in version 3004 (bsc#1202631) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3737=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3737=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-3737=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3737=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3737=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3737=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3737=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): python3-salt-3004-150300.53.30.1 salt-3004-150300.53.30.1 salt-minion-3004-150300.53.30.1 salt-transactional-update-3004-150300.53.30.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.30.1 salt-3004-150300.53.30.1 salt-api-3004-150300.53.30.1 salt-cloud-3004-150300.53.30.1 salt-doc-3004-150300.53.30.1 salt-master-3004-150300.53.30.1 salt-minion-3004-150300.53.30.1 
salt-proxy-3004-150300.53.30.1 salt-ssh-3004-150300.53.30.1 salt-standalone-formulas-configuration-3004-150300.53.30.1 salt-syndic-3004-150300.53.30.1 salt-transactional-update-3004-150300.53.30.1 - openSUSE Leap 15.3 (noarch): salt-bash-completion-3004-150300.53.30.1 salt-fish-completion-3004-150300.53.30.1 salt-zsh-completion-3004-150300.53.30.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150300.53.30.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3004-150300.53.30.1 salt-cloud-3004-150300.53.30.1 salt-master-3004-150300.53.30.1 salt-proxy-3004-150300.53.30.1 salt-ssh-3004-150300.53.30.1 salt-standalone-formulas-configuration-3004-150300.53.30.1 salt-syndic-3004-150300.53.30.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3004-150300.53.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.30.1 salt-3004-150300.53.30.1 salt-doc-3004-150300.53.30.1 salt-minion-3004-150300.53.30.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3004-150300.53.30.1 salt-zsh-completion-3004-150300.53.30.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3004-150300.53.30.1 salt-3004-150300.53.30.1 salt-minion-3004-150300.53.30.1 salt-transactional-update-3004-150300.53.30.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3004-150300.53.30.1 salt-3004-150300.53.30.1 salt-minion-3004-150300.53.30.1 salt-transactional-update-3004-150300.53.30.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:47:00 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:47:00 +0200 (CEST) Subject: SUSE-SU-2022:3766-1: important: Security update for buildah Message-ID: <20221026134700.7921FFDD6@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3766-1 Rating: important References: #1167864 #1181961 #1202812 Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 CVSS scores: CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). 
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote "?" in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow "err" * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build 
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
supports dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for "mkdir /" * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, 
multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow resuing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty "foo" label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow resuing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote "?" 
in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build. Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty "foo" label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * 
manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3766=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3766=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3766=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3766=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3766=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3766=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libgpg-error-debugsource-1.42-150300.9.3.1 libgpg-error0-1.42-150300.9.3.1 libgpg-error0-debuginfo-1.42-150300.9.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150300.8.11.1 libgpg-error-debugsource-1.42-150300.9.3.1 libgpg-error-devel-1.42-150300.9.3.1 libgpg-error-devel-debuginfo-1.42-150300.9.3.1 libgpg-error0-1.42-150300.9.3.1 libgpg-error0-debuginfo-1.42-150300.9.3.1 - openSUSE Leap 15.3 (x86_64): libgpg-error-devel-32bit-1.42-150300.9.3.1 libgpg-error-devel-32bit-debuginfo-1.42-150300.9.3.1 libgpg-error0-32bit-1.42-150300.9.3.1 libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150300.8.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libgpg-error-debugsource-1.42-150300.9.3.1 libgpg-error-devel-1.42-150300.9.3.1 libgpg-error-devel-debuginfo-1.42-150300.9.3.1 libgpg-error0-1.42-150300.9.3.1 libgpg-error0-debuginfo-1.42-150300.9.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgpg-error0-32bit-1.42-150300.9.3.1 libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libgpg-error-debugsource-1.42-150300.9.3.1 libgpg-error0-1.42-150300.9.3.1 
libgpg-error0-debuginfo-1.42-150300.9.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libgpg-error-debugsource-1.42-150300.9.3.1 libgpg-error0-1.42-150300.9.3.1 libgpg-error0-debuginfo-1.42-150300.9.3.1 References: https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2021-20206.html https://www.suse.com/security/cve/CVE-2022-2990.html https://bugzilla.suse.com/1167864 https://bugzilla.suse.com/1181961 https://bugzilla.suse.com/1202812 From sle-updates at lists.suse.com Wed Oct 26 13:48:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:48:00 +0200 (CEST) Subject: SUSE-RU-2022:15078-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221026134800.904ECFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15078-1 Rating: moderate References: #1195624 #1198903 #1199562 #1200122 #1200149 #1200163 #1200596 #1202165 #1202167 #1202631 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 10 recommended fixes and contains one feature can now be installed. 
Description: This update fixes the following issues: salt: - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module released in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Fix test_ipc unit test scap-security-guide: - Updated to 0.1.63 (jsc#ECO-3319) - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 - Removed fix-bash-template.patch: fixed upstream - Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202209-15078=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.85.2 salt-minion-3004+ds-1+2.85.2 scap-security-guide-ubuntu-0.1.63-2.24.1 spacecmd-4.3.15-2.51.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:49:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:49:26 +0200 (CEST) Subject: SUSE-RU-2022:3755-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026134926.828FDFDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3755-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 SUSE Manager Tools 15 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update fixes the following issues: venv-salt-minion: - Remove kiwi python module from the bundle as no longer required - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Don't include kiwi binaries - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module released in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Add SELinux profile to the package instead of using semanage - Remove Build ID links from the virtual environment and disable generating new links on building the package - Remove packages.log from the virtual environment - Fix test_ipc unit test Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3755=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3755=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3755=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.14.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.14.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.14.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:51:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:51:01 +0200 (CEST) Subject: SUSE-SU-2022:3773-1: important: Security update for curl Message-ID: <20221026135101.107BBFDD6@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3773-1 Rating: important References: #1204383 Cross-References: CVE-2022-32221 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise 
Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3773=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3773=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3773=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3773=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3773=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3773=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3773=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3773=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3773=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3773=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch 
SUSE-SUSE-MicroOS-5.1-2022-3773=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3773=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3773=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3773=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - openSUSE Leap 15.3 (x86_64): libcurl-devel-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Server 4.1 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Proxy 4.1 (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 
libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 
curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Enterprise Storage 7 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://bugzilla.suse.com/1204383 From sle-updates at lists.suse.com Wed Oct 26 13:52:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:52:08 +0200 (CEST) Subject: SUSE-SU-2022:3750-1: moderate: Security update for SUSE Manager Server 4.3 Message-ID: <20221026135208.2AB73FDB8@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3750-1 Rating: moderate References: #1191857 
#1195624 #1196729 #1197027 #1198168 #1198903 #1199726 #1200480 #1200573 #1200629 #1201210 #1201220 #1201260 #1201589 #1201626 #1201753 #1201788 #1201913 #1201918 #1202271 #1202272 #1202367 #1202455 #1202464 #1202602 #1202728 #1202729 #1202805 #1202899 #1203026 #1203049 #1203056 #1203169 #1203287 #1203288 #1203385 #1203406 #1203422 #1203449 #1203478 #1203484 #1203564 #1203585 #1203611 #1204208 SUMA-112 Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-0860 CVE-2022-31129 CVSS scores: CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0860 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-0860 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains one feature and has 40 fixes is now available. Description: This update fixes the following issues: cobbler: - Consider case of "next_server" being a hostname during migration of Cobbler collections. - Fix problem with "proxy_url_ext" setting being None type. 
- Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager servers running with old Cobbler settings (bsc#1203478) - Do generate boot menus even if no profiles or systems - only local boot - Avoid crashing when running buildiso in certain conditions. - Fix issue that a custom kernel with the extension ".kernel" is not accepted by "cobbler distro add" - Fix issue with "get_item_resolved_value" that prevented it from returning in cases where a complex object would have been returned - Fix issue where the logs would have been spammed with "grab_tree" messages that are meant for debugging - Buildiso - Fix DNS append line generation - Change apache2 conf dir for SUSE distros to allow integration with Uyuni and SUSE Manager - Avoid permissions errors during cobbler sync - Update to version 3.3.3 - Add UEFI capabilities to "cobbler buildiso" (jsc#SUMA-112) - Relevant changes on this release: * New: * Uyuni Proxies can now be set with the schema validation. * Cobbler should now build on AlmaLinux. * The initrd is not required anymore as it is an optional file. * XML-RPC: Added dump_vars endpoint. This is intended to replace get_blended_data as of 3.4.0. * XML-RPC: Added get_item_resolved_value & set_item_resolved_value endpoints. * Breaking Changes: * The field virt_file_size is now a float and the related settings as well. * Changes: * The error messages for duplicated objects now contain the name of the duplicated object. * Bugfixes: * Dictionaries had the wrong value set for <>. * There were some cases in which the autoinstallation manager was handed the wrong object and then crashed. * The inheritance of the owners field was fixed. * Serial Console options should not contain bogus -1 value anymore. * HTTP API should not throw permission errors anymore. * During build the log was not visible due to a custom logger without output. * cobbler mkloaders now also copies dependencies of menu.c32.
* We now generate the grub configuration for the architectures correctly again. * virt_file_size now is a float at all times. * Cobbler should restart successfully now if you have attached an image to a system. * If you have a system named default the bootloader was not removed properly before. * cobbler buildiso: The isolinux.cfg was not properly formatted. * There were harmless templating errors in the log related to redhat_management_type. The parts depending on this were removed. * The DNS managers were non-functional before because of a non-existent function call. * cobbler buildiso failed with --tmpdirs that don't end in buildiso. * cobbler buildiso had outdated docs and help messages for some parameters. * cobbler import: It was impossible to import Rocky Linux 8.5 successfully. * Cobbler created duplicated settings files before. * cobbler sync was broken by refactoring to shell=False before. - CVE-2022-0860: Improper Authorization in Cobbler. (bsc#1197027) - Version 3.3.0 fixed jsc#SUMA-112 - Update to version 3.3.2 * cobbler sync no longer has to be executed after enable_ipxe was flipped * Auth: Support for Global Secure Catalog via LDAP provider * Reposync now deletes old metadata to prevent metadata merge conflicts * The automigration of the settings is now not enabled by default.
* We removed ppc from RedHat EL 7 as it is not supported * Network interface is not subscriptable errors were fixed * The stacktraces related to the package and file pre & post triggers should no longer appear * You should be able to add multiple initrds if needed again * Debian: Fix regex for SHIM_FILE which now provides a working reasonable default drools: - CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java (bsc#1200629) image-sync-formula: - Update to version 0.1.1661440542.6cbe0da * Sort boot images by version instead of name-version (bsc#1196729) * Do not send events if syncing fails inter-server-sync: * Compress exported sql data and decompress during import * Add gzip dependency to decompress data file during import process locale-formula: - Update to version 0.3 * Remove .map.gz from kb_map dictionary (bsc#1203406) python-urlgrabber: - Avoid crashing when setting URLGRABBER_DEBUG=1 environment variable reprepro: - Update from version 5.3.0 to version 5.4.0 * Add shunit2 based tests * Support multiple versions * Add the commands move, movesrc, movematched, movefilter * Add Limit and Archive option * fix manpage to add the behaviour if reprepro is linked against liblzma * Mark 'dumpcontents' command as deprecated saltboot-formula: - Update to version 0.1.1661440542.6cbe0da * Fallback to local boot if the configured image is not synced * Support salt bundle spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-admin: - Version 4.3.10-1 * Ensure "cobbler mkloaders" is executed after restarting services * Add --help option to mgr-monitoring-ctl * reportdb access: force new report_db_sslrootcert if previous default is set spacewalk-backend: - Version 4.3.16-1 * Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. 
timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788) * Fix the condition of hiding the token from URL on logging * export armored GPG key to salt filesystem as well * Upgrade Cobbler requirement to 3.3.3 or later * Make reposync use the configured http proxy with mirrorlist (bsc#1198168) spacewalk-certs-tools: - Version 4.3.15-1 * fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings spacewalk-java: - version 4.3.38-1 * delay hardware refresh action to avoid missing channels (bsc#1204208) - Version 4.3.37-1 * Fix get_item_resolved_value call - Version 4.3.36-1 * Fix prerequisite action serialization (bsc#1202899, bsc#1203484) * Fix hardware update where there is no DNS FQDN changes (bsc#1203611) * Fix UI crash when filtering on systems list (bsc#1203169) * Filter out successors that have no repositories on SP migration (bsc#1202367) * Reduced the usage of deprecated Hibernate API * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726) * Support Pay-as-you-go new CA location for SUSE Linux Enterprise Server 15 SP4 and higher (bsc#1202729) * Fixed pagination for completed/failed systems in action details * Add support in rhn.conf for smtp port, auth, ssl/tls config * Calculate dependencies between cloned channels of vendor channels (bsc#1201626) * Fix sync for external repositories (bsc#1201753) * Detect the clients running on Amazon EC2 (bsc#1195624) * Adjust cobbler requirement to version 3.3.3 * Support inherited values for kernel options from Cobbler API * Fix virtFileSize type after cobbler upgrade * Redefine available power_management.types for cobbler >= 3.3.1 * fix state.apply result parsing in test mode (bsc#1201913) * require tomcat native interface to prevent misleading warning in tomcat startup log (bsc#1202455) * Reduce the length of image channel URL (bsc#1201220) * Fixed formula deselection in 
systemgroup (bsc#1202271) * Added a new configuration property to allow custom channels to be synced together with vendor channels. * add onlyRelevant argument to addErrataUpdate API * fix taskomatic task remaining in progress spacewalk-search: - Version 4.3.7-1 * update dependencies after package rename spacewalk-setup: - version 4.3.12 * Fix detected issues to perform migration of Cobbler settings and collections. - Version 4.3.11-1 * Trigger migration of Cobbler settings and collections if necessary during package installation (bsc#1203478) * Execute "cobbler mkloaders" when setting up cobbler * Adjust next_server cobbler settings for cobbler >= 3.3.1 * fix prototype mismatch in idn_to_ascii (bsc#1203385) spacewalk-utils: - Version 4.3.14-1 * Make spacewalk-hostname-rename work with settings.yaml cobbler config file (bsc#1203564) * spacewalk-common-channels now syncs the channels automatically on creation, if the new configuration property named 'unify_custom_channel_management' is enabled spacewalk-web: - Version 4.3.24-1 * Upgrade moment-timezone * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480) * CVE-2021-42740: Command injection in the shell-quote package.
(bsc#1203287) * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288) * Fix table header layout for unselectable tables subscription-matcher: - Added Guava maximum version requirement susemanager: - Version 4.3.19-1 * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs (bsc#1203449) * add bootstrap repository definition for OES2023 (bsc#1202602) * add missing packages on SUSE Linux Enterprise Server 15 * remove server-migrator.sh from SUSE Manager installations (bsc#1202728) * create bootstrap repository data for Ubuntu 22.04 Vendor Channels * remove obsoleted sysv init script (bsc#1191857) * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573) * pg-migrate-x-to-y.sh: improve output (bsc#1201260) * remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000 * add missing packages on SUSE Linux Enterprise Server 12 SP5 bootstrap repo (bsc#1201918) * revert "bootstrap repo: set optional packages" susemanager-build-keys: - Add release and auxiliary GPG keys for RedHat - Add keys for Rocky Linux 9 * RPM-GPG-KEY-redhat-release * RPM-GPG-KEY-redhat-auxiliary * RPM-GPG-KEY-Rocky-9 susemanager-docs_en: - Removed Debian 9 references due to end of life and added missing Debian 11 info - Fixed description of default notification settings (bsc#1203422) - Added missing Debian 11 references - Documented helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide - Added secure mail communication settings in Administration Guide - Fixed path to state and pillar files - Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide - Add repository via proxy issues troubleshooting page - Change import GPG key description - Added SLE Micro 5.2 and 5.3 as available as a technology preview in Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3 - Added command 
to remove the obsolete Python module on SUSE Manager Server 4.1 in the Installation and Upgrade Guide (bsc#1203026) - Mention CA certificate directory in the proxy setup description in the Installation and Upgrade Guide (bsc#1202805) - Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464) - Documented how to onboard Ubuntu clients with the Salt bundle as a regular user - Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user - Fixed the names of updates channels for Leap - Fixed errors in OpenSCAP chapter of Administration Guide - Removed CentOS 8 from the list of supported client systems - Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210) - Added Extend Salt Bundle functionality with Python packages using pip - Salt Configuration Modules are no longer Technology Preview in the Salt Guide susemanager-schema: - Version 4.3.14-1 * Add subtypes for Amazon EC2 virtual instances (bsc#1195624) * Fix migration of image actions (bsc#1202272) * improve schema compatibility with Amazon RDS susemanager-sls: - Version 4.3.25-1 * Fix mgrnet availability check * Remove dependence on Kiwi libraries * always disable the bootstrap repository, also when "mgr_disable_local_repos" is set to False * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726) * fix syntax error - remove trailing colon (bsc#1203049) * Add mgrnet salt module with mgrnet.dns_fqdns function implementation allowing to get all possible FQDNs from DNS (bsc#1199726) * Copy grains file with util.mgr_switch_to_venv_minion state apply (bsc#1203056) * Remove the message 'rpm: command not found' on using Salt SSH with Debian based systems which have no Salt Bundle susemanager-sync-data: - Version 4.3.9-1 * add oes2023 (bsc#1202602) * add Ubuntu 22.04 amd64 susemanager-tftpsync: - Version 4.3.2-1 * Adjust sync_post_tftpd_proxies module to cobbler >= 3.3.1 uyuni-common-libs: - Version 4.3.6-1 *
Do not allow creating path if nonexistent user or group in fileutils.

uyuni-reportdb-schema:
- Version 4.3.6-1
  * improve schema compatibility with Amazon RDS

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3750=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3750=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64): inter-server-sync-0.2.3-150400.3.6.1 inter-server-sync-debuginfo-0.2.3-150400.3.6.1 python3-magic-5.32-150000.7.16.1 python3-uyuni-common-libs-4.3.6-150400.3.6.4 reprepro-5.4.0-150400.3.6.1 reprepro-debuginfo-5.4.0-150400.3.6.1 reprepro-debugsource-5.4.0-150400.3.6.1 susemanager-4.3.19-150400.3.6.4 susemanager-tftpsync-4.3.2-150400.3.3.4 susemanager-tools-4.3.19-150400.3.6.4
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): cobbler-3.3.3-150400.5.7.1 drools-7.17.0-150400.3.6.1 image-sync-formula-0.1.1661440542.6cbe0da-150400.3.6.1 locale-formula-0.3-150400.3.3.1 python3-schema-0.6.7-150400.10.3.1 python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 python3-spacewalk-client-tools-4.3.12-150400.3.6.6 python3-urlgrabber-4.1.0-150400.3.6.1 saltboot-formula-0.1.1661440542.6cbe0da-150400.3.3.1 spacecmd-4.3.15-150400.3.6.4 spacewalk-admin-4.3.10-150400.3.3.2 spacewalk-backend-4.3.16-150400.3.6.8 spacewalk-backend-app-4.3.16-150400.3.6.8 spacewalk-backend-applet-4.3.16-150400.3.6.8
spacewalk-backend-config-files-4.3.16-150400.3.6.8 spacewalk-backend-config-files-common-4.3.16-150400.3.6.8 spacewalk-backend-config-files-tool-4.3.16-150400.3.6.8 spacewalk-backend-iss-4.3.16-150400.3.6.8 spacewalk-backend-iss-export-4.3.16-150400.3.6.8 spacewalk-backend-package-push-server-4.3.16-150400.3.6.8 spacewalk-backend-server-4.3.16-150400.3.6.8 spacewalk-backend-sql-4.3.16-150400.3.6.8 spacewalk-backend-sql-postgresql-4.3.16-150400.3.6.8 spacewalk-backend-tools-4.3.16-150400.3.6.8 spacewalk-backend-xml-export-libs-4.3.16-150400.3.6.8 spacewalk-backend-xmlrpc-4.3.16-150400.3.6.8 spacewalk-base-4.3.24-150400.3.6.4 spacewalk-base-minimal-4.3.24-150400.3.6.4 spacewalk-base-minimal-config-4.3.24-150400.3.6.4 spacewalk-certs-tools-4.3.15-150400.3.6.2 spacewalk-client-tools-4.3.12-150400.3.6.6 spacewalk-html-4.3.24-150400.3.6.4 spacewalk-java-4.3.38-150400.3.8.3 spacewalk-java-config-4.3.38-150400.3.8.3 spacewalk-java-lib-4.3.38-150400.3.8.3 spacewalk-java-postgresql-4.3.38-150400.3.8.3 spacewalk-search-4.3.7-150400.3.6.2 spacewalk-setup-4.3.12-150400.3.8.1 spacewalk-taskomatic-4.3.38-150400.3.8.3 spacewalk-utils-4.3.14-150400.3.6.3 spacewalk-utils-extras-4.3.14-150400.3.6.3 subscription-matcher-0.29-150400.3.7.1 susemanager-build-keys-15.4.3-150400.3.6.1 susemanager-build-keys-web-15.4.3-150400.3.6.1 susemanager-docs_en-4.3-150400.9.6.1 susemanager-docs_en-pdf-4.3-150400.9.6.1 susemanager-schema-4.3.14-150400.3.6.5 susemanager-schema-utility-4.3.14-150400.3.6.5 susemanager-sls-4.3.25-150400.3.6.4 susemanager-sync-data-4.3.9-150400.3.3.1 uyuni-config-modules-4.3.25-150400.3.6.4 uyuni-reportdb-schema-4.3.6-150400.3.3.6 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): mgr-daemon-4.3.6-150400.3.6.4 python3-spacewalk-certs-tools-4.3.15-150400.3.6.2 python3-spacewalk-check-4.3.12-150400.3.6.6 python3-spacewalk-client-setup-4.3.12-150400.3.6.6 python3-spacewalk-client-tools-4.3.12-150400.3.6.6 spacecmd-4.3.15-150400.3.6.4 
spacewalk-backend-4.3.16-150400.3.6.8 spacewalk-base-minimal-4.3.24-150400.3.6.4 spacewalk-base-minimal-config-4.3.24-150400.3.6.4 spacewalk-certs-tools-4.3.15-150400.3.6.2 spacewalk-check-4.3.12-150400.3.6.6 spacewalk-client-setup-4.3.12-150400.3.6.6 spacewalk-client-tools-4.3.12-150400.3.6.6 susemanager-build-keys-15.4.3-150400.3.6.1 susemanager-build-keys-web-15.4.3-150400.3.6.1 susemanager-tftpsync-recv-4.3.7-150400.3.3.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (x86_64): python3-uyuni-common-libs-4.3.6-150400.3.6.4 References: https://www.suse.com/security/cve/CVE-2021-41411.html https://www.suse.com/security/cve/CVE-2021-42740.html https://www.suse.com/security/cve/CVE-2021-43138.html https://www.suse.com/security/cve/CVE-2022-0860.html https://www.suse.com/security/cve/CVE-2022-31129.html https://bugzilla.suse.com/1191857 https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1196729 https://bugzilla.suse.com/1197027 https://bugzilla.suse.com/1198168 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199726 https://bugzilla.suse.com/1200480 https://bugzilla.suse.com/1200573 https://bugzilla.suse.com/1200629 https://bugzilla.suse.com/1201210 https://bugzilla.suse.com/1201220 https://bugzilla.suse.com/1201260 https://bugzilla.suse.com/1201589 https://bugzilla.suse.com/1201626 https://bugzilla.suse.com/1201753 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1201913 https://bugzilla.suse.com/1201918 https://bugzilla.suse.com/1202271 https://bugzilla.suse.com/1202272 https://bugzilla.suse.com/1202367 https://bugzilla.suse.com/1202455 https://bugzilla.suse.com/1202464 https://bugzilla.suse.com/1202602 https://bugzilla.suse.com/1202728 https://bugzilla.suse.com/1202729 https://bugzilla.suse.com/1202805 https://bugzilla.suse.com/1202899 https://bugzilla.suse.com/1203026 https://bugzilla.suse.com/1203049 https://bugzilla.suse.com/1203056 https://bugzilla.suse.com/1203169 https://bugzilla.suse.com/1203287 
https://bugzilla.suse.com/1203288 https://bugzilla.suse.com/1203385 https://bugzilla.suse.com/1203406 https://bugzilla.suse.com/1203422 https://bugzilla.suse.com/1203449 https://bugzilla.suse.com/1203478 https://bugzilla.suse.com/1203484 https://bugzilla.suse.com/1203564 https://bugzilla.suse.com/1203585 https://bugzilla.suse.com/1203611 https://bugzilla.suse.com/1204208 From sle-updates at lists.suse.com Wed Oct 26 13:56:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:56:28 +0200 (CEST) Subject: SUSE-RU-2022:3738-1: moderate: Recommended update for salt Message-ID: <20221026135628.76272FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3738-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for salt fixes the following issues: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Fix 'test_ipc' unit test - Fix Syndic authentication errors (bsc#1199562) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Fix the regression in schedule module released in version 3004 (bsc#1202631) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3738=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3738=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3738=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3738=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3738=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3738=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3738=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3738=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3738=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 
salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Manager Server 4.1 (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Manager Retail Branch Server 4.1 (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Manager Proxy 4.1 (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Manager Proxy 4.1 (x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Linux Enterprise Server for 
SAP 15-SP2 (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS 
(aarch64 x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-salt-3004-150200.78.1 salt-3004-150200.78.1 salt-api-3004-150200.78.1 salt-cloud-3004-150200.78.1 salt-doc-3004-150200.78.1 salt-master-3004-150200.78.1 salt-minion-3004-150200.78.1 salt-proxy-3004-150200.78.1 salt-ssh-3004-150200.78.1 salt-standalone-formulas-configuration-3004-150200.78.1 salt-syndic-3004-150200.78.1 salt-transactional-update-3004-150200.78.1 - SUSE Enterprise Storage 7 (noarch): salt-bash-completion-3004-150200.78.1 salt-fish-completion-3004-150200.78.1 salt-zsh-completion-3004-150200.78.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 13:58:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:58:07 +0200 (CEST) Subject: SUSE-SU-2022:3751-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20221026135807.20101FDB8@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3751-1 Rating: moderate References: #1198903 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24565 SLE-24791 Cross-References: CVE-2022-31097 CVE-2022-31107 CVSS scores: CVE-2022-31097 (NVD) 
: 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities, contains four features and has one errata is now available. 
Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. 
* Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3751=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3751=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3751=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3751=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3751=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1 - 
SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - openSUSE Leap 15.4 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 spacecmd-4.3.15-150000.3.86.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - openSUSE Leap 15.3 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 spacecmd-4.3.15-150000.3.86.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 grafana-8.3.10-150000.1.33.1 grafana-debuginfo-8.3.10-150000.1.33.1 python3-uyuni-common-libs-4.3.6-150000.1.27.2 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 mgr-daemon-4.3.6-150000.1.38.1 python3-spacewalk-check-4.3.12-150000.3.68.2 python3-spacewalk-client-setup-4.3.12-150000.3.68.2 python3-spacewalk-client-tools-4.3.12-150000.3.68.2 spacecmd-4.3.15-150000.3.86.1 spacewalk-check-4.3.12-150000.3.68.2 spacewalk-client-setup-4.3.12-150000.3.68.2 spacewalk-client-tools-4.3.12-150000.3.68.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x 
x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 References: https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 From sle-updates at lists.suse.com Wed Oct 26 13:59:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 15:59:23 +0200 (CEST) Subject: SUSE-SU-2022:3761-1: moderate: Security update for release-notes-susemanager, release-notes-susemanager-proxy Message-ID: <20221026135923.7EC75FDB8@maintenance.suse.de> SUSE Security Update: Security update for release-notes-susemanager, release-notes-susemanager-proxy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3761-1 Rating: moderate References: #1191857 #1195624 #1196729 #1197027 #1198168 #1198903 #1199726 #1200480 #1200573 #1200629 #1201210 #1201220 #1201260 #1201589 #1201626 #1201753 #1201788 #1201913 #1201918 #1202271 #1202272 #1202367 #1202455 #1202464 #1202602 #1202728 #1202729 #1202805 #1202899 #1203026 #1203049 #1203056 #1203169 #1203287 #1203288 
#1203385 #1203406 #1203422 #1203449 #1203478 #1203484 #1203564 #1203585 #1203611 Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-0860 CVE-2022-31129 CVSS scores: CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0860 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-0860 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 39 fixes is now available. 
Description: This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761=1 - SUSE Manager Retail Branch Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761=1 - SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761=1 Package List: - SUSE Manager Server 4.3 (ppc64le s390x x86_64): release-notes-susemanager-4.3.2-150400.3.15.1 - SUSE Manager Retail Branch Server 4.3 (x86_64): release-notes-susemanager-proxy-4.3.2-150400.3.9.3 - SUSE Manager Proxy 4.3 (x86_64): release-notes-susemanager-proxy-4.3.2-150400.3.9.3 References: https://www.suse.com/security/cve/CVE-2021-41411.html https://www.suse.com/security/cve/CVE-2021-42740.html https://www.suse.com/security/cve/CVE-2021-43138.html https://www.suse.com/security/cve/CVE-2022-0860.html https://www.suse.com/security/cve/CVE-2022-31129.html https://bugzilla.suse.com/1191857 https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1196729 https://bugzilla.suse.com/1197027 https://bugzilla.suse.com/1198168 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199726 https://bugzilla.suse.com/1200480 https://bugzilla.suse.com/1200573 https://bugzilla.suse.com/1200629 https://bugzilla.suse.com/1201210 https://bugzilla.suse.com/1201220 https://bugzilla.suse.com/1201260 https://bugzilla.suse.com/1201589 https://bugzilla.suse.com/1201626 https://bugzilla.suse.com/1201753 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1201913 https://bugzilla.suse.com/1201918 https://bugzilla.suse.com/1202271 https://bugzilla.suse.com/1202272 https://bugzilla.suse.com/1202367 https://bugzilla.suse.com/1202455 https://bugzilla.suse.com/1202464 https://bugzilla.suse.com/1202602 https://bugzilla.suse.com/1202728 https://bugzilla.suse.com/1202729 https://bugzilla.suse.com/1202805 https://bugzilla.suse.com/1202899 https://bugzilla.suse.com/1203026 
https://bugzilla.suse.com/1203049 https://bugzilla.suse.com/1203056 https://bugzilla.suse.com/1203169 https://bugzilla.suse.com/1203287 https://bugzilla.suse.com/1203288 https://bugzilla.suse.com/1203385 https://bugzilla.suse.com/1203406 https://bugzilla.suse.com/1203422 https://bugzilla.suse.com/1203449 https://bugzilla.suse.com/1203478 https://bugzilla.suse.com/1203484 https://bugzilla.suse.com/1203564 https://bugzilla.suse.com/1203585 https://bugzilla.suse.com/1203611 From sle-updates at lists.suse.com Wed Oct 26 14:03:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:03:36 +0200 (CEST) Subject: SUSE-SU-2022:3772-1: important: Security update for curl Message-ID: <20221026140336.39CD0FDD6@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3772-1 Rating: important References: #1202593 #1204383 Cross-References: CVE-2022-32221 CVE-2022-35252 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-35252 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3772=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3772=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3772=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3772=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): curl-7.60.0-4.43.1 curl-debuginfo-7.60.0-4.43.1 curl-debugsource-7.60.0-4.43.1 libcurl4-32bit-7.60.0-4.43.1 libcurl4-7.60.0-4.43.1 libcurl4-debuginfo-32bit-7.60.0-4.43.1 libcurl4-debuginfo-7.60.0-4.43.1 - SUSE OpenStack Cloud 9 (x86_64): curl-7.60.0-4.43.1 curl-debuginfo-7.60.0-4.43.1 curl-debugsource-7.60.0-4.43.1 libcurl4-32bit-7.60.0-4.43.1 libcurl4-7.60.0-4.43.1 libcurl4-debuginfo-32bit-7.60.0-4.43.1 libcurl4-debuginfo-7.60.0-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): curl-7.60.0-4.43.1 curl-debuginfo-7.60.0-4.43.1 curl-debugsource-7.60.0-4.43.1 libcurl4-7.60.0-4.43.1 libcurl4-debuginfo-7.60.0-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcurl4-32bit-7.60.0-4.43.1 libcurl4-debuginfo-32bit-7.60.0-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.43.1 curl-debuginfo-7.60.0-4.43.1 curl-debugsource-7.60.0-4.43.1 libcurl4-7.60.0-4.43.1 libcurl4-debuginfo-7.60.0-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcurl4-32bit-7.60.0-4.43.1 libcurl4-debuginfo-32bit-7.60.0-4.43.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://www.suse.com/security/cve/CVE-2022-35252.html https://bugzilla.suse.com/1202593 https://bugzilla.suse.com/1204383 From sle-updates at lists.suse.com Wed Oct 26 14:04:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:04:23 +0200 (CEST) Subject: SUSE-RU-2022:3754-1: moderate: 
Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026140423.BC493FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3754-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Remove kiwi python module from the bundle as no longer required - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Don't include kiwi binaries - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module released in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Add SELinux profile to the package instead of using semanage - Remove Build ID links from the virtual environment and disable generating new links on building the package - Remove packages.log from the virtual environment - Fix test_ipc unit test Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3754=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-3.14.3 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 14:05:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:05:24 +0200 (CEST) Subject: SUSE-RU-2022:15082-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221026140524.42E37FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15082-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 #1204206 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 7 recommended fixes can now be installed. 
Description: This update fixes the following issues: venv-salt-minion: - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) - Remove kiwi python module from the bundle as no longer required - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Don't include kiwi binaries - Fix Syndic authentication errors (bsc#1199562) - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module released in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Add SELinux profile to the package instead of using semanage - Remove Build ID links from the virtual environment and disable generating new links on building the package - Remove packages.log from the virtual environment - Fix test_ipc unit test Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202209-15082=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.16.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Wed Oct 26 14:06:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:06:41 +0200 (CEST) Subject: SUSE-SU-2022:3747-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20221026140641.64148FDD6@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3747-1 Rating: moderate References: #1196338 #1198903 #1200725 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24243 SLE-24565 SLE-24791 SUMA-114 Cross-References: CVE-2022-21698 CVE-2022-31097 CVE-2022-31107 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Manager Tools 12 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update 
that solves three vulnerabilities, contains 6 features and has two fixes is now available. Description: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file golang-github-prometheus-alertmanager: - Do not include sources (bsc#1200725) golang-github-prometheus-node_exporter: - CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114) grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. 
* Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) kiwi-desc-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Use salt bundle * Add support for VirtIO disks mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3747=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3747=1 - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3747=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3747=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3747=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3747=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3747=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.21.1 - SUSE OpenStack Cloud 9 (x86_64): golang-github-prometheus-node_exporter-1.3.0-1.21.1 - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-1.13.1 golang-github-prometheus-alertmanager-0.23.0-1.15.2 golang-github-prometheus-node_exporter-1.3.0-1.21.1 grafana-8.3.10-1.33.2 python2-uyuni-common-libs-4.3.6-1.27.1 - SUSE Manager Tools 12 (noarch): kiwi-desc-saltboot-0.1.1661440542.6cbe0da-1.29.1 mgr-daemon-4.3.6-1.38.1 python2-spacewalk-check-4.3.12-52.77.1 python2-spacewalk-client-setup-4.3.12-52.77.1 python2-spacewalk-client-tools-4.3.12-52.77.1 spacecmd-4.3.15-38.109.1 spacewalk-check-4.3.12-52.77.1 spacewalk-client-setup-4.3.12-52.77.1 spacewalk-client-tools-4.3.12-52.77.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-1.21.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-1.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): golang-github-prometheus-node_exporter-1.3.0-1.21.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): 
golang-github-prometheus-node_exporter-1.3.0-1.21.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1200725 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 From sle-updates at lists.suse.com Wed Oct 26 14:08:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:08:03 +0200 (CEST) Subject: SUSE-RU-2022:3736-1: moderate: Recommended update for salt Message-ID: <20221026140803.1D128FDD6@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3736-1 Rating: moderate References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. 
Description: This update for salt fixes the following issues: - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg - Fix 'test_ipc' unit test - Fix Syndic authentication errors (bsc#1199562) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Fix the regression in schedule module released in version 3004 (bsc#1202631) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3736=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3736=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3736=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3736=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3736=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3736=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 
salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3004-150100.77.1 salt-fish-completion-3004-150100.77.1 salt-zsh-completion-3004-150100.77.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3004-150100.77.1 salt-3004-150100.77.1 salt-api-3004-150100.77.1 salt-cloud-3004-150100.77.1 
salt-doc-3004-150100.77.1 salt-master-3004-150100.77.1 salt-minion-3004-150100.77.1 salt-proxy-3004-150100.77.1 salt-ssh-3004-150100.77.1 salt-standalone-formulas-configuration-3004-150100.77.1 salt-syndic-3004-150100.77.1 salt-transactional-update-3004-150100.77.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 14:09:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:09:30 +0200 (CEST) Subject: SUSE-SU-2022:3768-1: important: Security update for qemu Message-ID: <20221026140930.121E0FDD6@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3768-1 Rating: important References: #1175144 #1182282 #1185000 #1192463 #1198035 #1198037 #1198038 #1201367 Cross-References: CVE-2020-17380 CVE-2021-3409 CVE-2021-3507 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2020-17380 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-17380 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3507 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2021-3507 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Affected Products:
- SUSE CaaS Platform 4.0
- SUSE Enterprise Storage 6
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
- SUSE Linux Enterprise Server 15-SP1-BCL
- SUSE Linux Enterprise Server 15-SP1-LTSS
- SUSE Linux Enterprise Server for SAP 15-SP1
- openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 7 vulnerabilities and has one errata is now available.

Description:

This update for qemu fixes the following issues:

- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
- CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers. (bsc#1185000)
- CVE-2020-17380: Fixed a heap buffer overflow in sdhci_sdma_transfer_multi_blocks. (bsc#1175144)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3768=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3768=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-3768=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - openSUSE Leap 15.3 (aarch64 x86_64): qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le): qemu-ppc-3.1.1.1-150100.80.43.2 qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64): qemu-kvm-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le): qemu-ppc-3.1.1.1-150100.80.43.2 qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): qemu-s390-3.1.1.1-150100.80.43.2 qemu-s390-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): 
qemu-3.1.1.1-150100.80.43.2 qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): 
qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Enterprise Storage 6 (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 
qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE CaaS Platform 4.0 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE CaaS Platform 4.0 (x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 References: https://www.suse.com/security/cve/CVE-2020-17380.html https://www.suse.com/security/cve/CVE-2021-3409.html https://www.suse.com/security/cve/CVE-2021-3507.html https://www.suse.com/security/cve/CVE-2021-4206.html https://www.suse.com/security/cve/CVE-2021-4207.html https://www.suse.com/security/cve/CVE-2022-0216.html 
https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1175144 https://bugzilla.suse.com/1182282 https://bugzilla.suse.com/1185000 https://bugzilla.suse.com/1192463 https://bugzilla.suse.com/1198035 https://bugzilla.suse.com/1198037 https://bugzilla.suse.com/1198038 https://bugzilla.suse.com/1201367 From sle-updates at lists.suse.com Wed Oct 26 14:11:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:11:52 +0200 (CEST) Subject: SUSE-SU-2022:3775-1: important: Security update for the Linux Kernel Message-ID: <20221026141152.D1DD9FDD6@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3775-1 Rating: important References: #1177471 #1185032 #1194023 #1196444 #1197659 #1199564 #1200313 #1200622 #1201309 #1201310 #1201489 #1201645 #1201865 #1201990 #1202095 #1202341 #1202385 #1202677 #1202960 #1202984 #1203159 #1203290 #1203313 #1203389 #1203410 #1203424 #1203514 #1203552 #1203622 #1203737 #1203769 #1203770 #1203906 #1203909 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 #1204289 #1204290 #1204291 #1204292 PED-529 Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-3169 CVE-2022-3239 CVE-2022-3303 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High 
Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the reception of specific WiFi frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)

The following non-security bugs were fixed:

- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). 
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). 
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). 
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3775=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-3775=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-3775=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3775=1
  Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3775=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3775=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3775=1
- SUSE Linux Enterprise High Availability 15-SP3:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3775=1

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):
  kernel-default-5.3.18-150300.59.98.1
  kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
  kernel-default-debuginfo-5.3.18-150300.59.98.1
  kernel-default-debugsource-5.3.18-150300.59.98.1
- openSUSE Leap 15.4 (aarch64):
  dtb-al-5.3.18-150300.59.98.1
  dtb-zte-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  cluster-md-kmp-default-5.3.18-150300.59.98.1
  cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1
  dlm-kmp-default-5.3.18-150300.59.98.1
  dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1
  gfs2-kmp-default-5.3.18-150300.59.98.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-base-rebuild-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-devel-5.3.18-150300.59.98.1 kernel-default-devel-debuginfo-5.3.18-150300.59.98.1 kernel-default-extra-5.3.18-150300.59.98.1 kernel-default-extra-debuginfo-5.3.18-150300.59.98.1 kernel-default-livepatch-5.3.18-150300.59.98.1 kernel-default-livepatch-devel-5.3.18-150300.59.98.1 kernel-default-optional-5.3.18-150300.59.98.1 kernel-default-optional-debuginfo-5.3.18-150300.59.98.1 kernel-obs-build-5.3.18-150300.59.98.1 kernel-obs-build-debugsource-5.3.18-150300.59.98.1 kernel-obs-qa-5.3.18-150300.59.98.1 kernel-syms-5.3.18-150300.59.98.1 kselftests-kmp-default-5.3.18-150300.59.98.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-default-5.3.18-150300.59.98.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-default-5.3.18-150300.59.98.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.98.1 kernel-debug-debuginfo-5.3.18-150300.59.98.1 kernel-debug-debugsource-5.3.18-150300.59.98.1 kernel-debug-devel-5.3.18-150300.59.98.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.98.1 kernel-debug-livepatch-devel-5.3.18-150300.59.98.1 kernel-kvmsmall-5.3.18-150300.59.98.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.98.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.98.1 kernel-kvmsmall-devel-5.3.18-150300.59.98.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.98.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.98.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-preempt-5.3.18-150300.59.98.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 
gfs2-kmp-preempt-5.3.18-150300.59.98.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-devel-5.3.18-150300.59.98.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-extra-5.3.18-150300.59.98.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.98.1 kernel-preempt-optional-5.3.18-150300.59.98.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.98.1 kselftests-kmp-preempt-5.3.18-150300.59.98.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-preempt-5.3.18-150300.59.98.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-preempt-5.3.18-150300.59.98.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.98.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-64kb-5.3.18-150300.59.98.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 dtb-al-5.3.18-150300.59.98.1 dtb-allwinner-5.3.18-150300.59.98.1 dtb-altera-5.3.18-150300.59.98.1 dtb-amd-5.3.18-150300.59.98.1 dtb-amlogic-5.3.18-150300.59.98.1 dtb-apm-5.3.18-150300.59.98.1 dtb-arm-5.3.18-150300.59.98.1 dtb-broadcom-5.3.18-150300.59.98.1 dtb-cavium-5.3.18-150300.59.98.1 dtb-exynos-5.3.18-150300.59.98.1 dtb-freescale-5.3.18-150300.59.98.1 dtb-hisilicon-5.3.18-150300.59.98.1 dtb-lg-5.3.18-150300.59.98.1 dtb-marvell-5.3.18-150300.59.98.1 dtb-mediatek-5.3.18-150300.59.98.1 dtb-nvidia-5.3.18-150300.59.98.1 dtb-qcom-5.3.18-150300.59.98.1 dtb-renesas-5.3.18-150300.59.98.1 dtb-rockchip-5.3.18-150300.59.98.1 dtb-socionext-5.3.18-150300.59.98.1 dtb-sprd-5.3.18-150300.59.98.1 dtb-xilinx-5.3.18-150300.59.98.1 dtb-zte-5.3.18-150300.59.98.1 gfs2-kmp-64kb-5.3.18-150300.59.98.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-5.3.18-150300.59.98.1 kernel-64kb-debuginfo-5.3.18-150300.59.98.1 
kernel-64kb-debugsource-5.3.18-150300.59.98.1 kernel-64kb-devel-5.3.18-150300.59.98.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-extra-5.3.18-150300.59.98.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.98.1 kernel-64kb-optional-5.3.18-150300.59.98.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.98.1 kselftests-kmp-64kb-5.3.18-150300.59.98.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-64kb-5.3.18-150300.59.98.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-64kb-5.3.18-150300.59.98.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.98.1 kernel-docs-5.3.18-150300.59.98.1 kernel-docs-html-5.3.18-150300.59.98.1 kernel-macros-5.3.18-150300.59.98.1 kernel-source-5.3.18-150300.59.98.1 kernel-source-vanilla-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.98.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-extra-5.3.18-150300.59.98.1 kernel-default-extra-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-extra-5.3.18-150300.59.98.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-livepatch-5.3.18-150300.59.98.1 kernel-default-livepatch-devel-5.3.18-150300.59.98.1 kernel-livepatch-5_3_18-150300_59_98-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 
kernel-default-debugsource-5.3.18-150300.59.98.1 reiserfs-kmp-default-5.3.18-150300.59.98.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.98.1 kernel-obs-build-debugsource-5.3.18-150300.59.98.1 kernel-syms-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-devel-5.3.18-150300.59.98.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.98.1 kernel-source-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-devel-5.3.18-150300.59.98.1 kernel-default-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.98.1 kernel-64kb-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-debugsource-5.3.18-150300.59.98.1 kernel-64kb-devel-5.3.18-150300.59.98.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.98.1 kernel-macros-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.98.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 
s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.98.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-default-5.3.18-150300.59.98.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1 gfs2-kmp-default-5.3.18-150300.59.98.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 ocfs2-kmp-default-5.3.18-150300.59.98.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 References: https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1185032 
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203313
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203770
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
https://bugzilla.suse.com/1204051
https://bugzilla.suse.com/1204059
https://bugzilla.suse.com/1204060
https://bugzilla.suse.com/1204125
https://bugzilla.suse.com/1204289
https://bugzilla.suse.com/1204290
https://bugzilla.suse.com/1204291
https://bugzilla.suse.com/1204292

From sle-updates at lists.suse.com Wed Oct 26 14:17:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 16:17:13 +0200 (CEST)
Subject: SUSE-RU-2022:3752-1: moderate: Recommended update for Salt
Message-ID: <20221026141713.1A5D7FDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for Salt
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3752-1
Rating: moderate
References:
  #1195624 #1199562 #1200596 #1202165 #1202167 #1202631
Affected Products:
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.

Description:

This update fixes the following issues:

salt:

- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Fix test_ipc unit test

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3752=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3752=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3752=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3752=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3004-150000.8.41.46.1 salt-3004-150000.8.41.46.1 salt-api-3004-150000.8.41.46.1 salt-cloud-3004-150000.8.41.46.1 salt-doc-3004-150000.8.41.46.1 salt-master-3004-150000.8.41.46.1 salt-minion-3004-150000.8.41.46.1 salt-proxy-3004-150000.8.41.46.1 salt-ssh-3004-150000.8.41.46.1 salt-standalone-formulas-configuration-3004-150000.8.41.46.1 salt-syndic-3004-150000.8.41.46.1 salt-transactional-update-3004-150000.8.41.46.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3004-150000.8.41.46.1 salt-fish-completion-3004-150000.8.41.46.1 salt-zsh-completion-3004-150000.8.41.46.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3004-150000.8.41.46.1 salt-3004-150000.8.41.46.1 salt-api-3004-150000.8.41.46.1 salt-cloud-3004-150000.8.41.46.1 salt-doc-3004-150000.8.41.46.1 salt-master-3004-150000.8.41.46.1 salt-minion-3004-150000.8.41.46.1 salt-proxy-3004-150000.8.41.46.1 salt-ssh-3004-150000.8.41.46.1 salt-standalone-formulas-configuration-3004-150000.8.41.46.1 salt-syndic-3004-150000.8.41.46.1 salt-transactional-update-3004-150000.8.41.46.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.46.1 salt-fish-completion-3004-150000.8.41.46.1 salt-zsh-completion-3004-150000.8.41.46.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3004-150000.8.41.46.1 salt-3004-150000.8.41.46.1 
salt-api-3004-150000.8.41.46.1 salt-cloud-3004-150000.8.41.46.1 salt-doc-3004-150000.8.41.46.1 salt-master-3004-150000.8.41.46.1 salt-minion-3004-150000.8.41.46.1 salt-proxy-3004-150000.8.41.46.1 salt-ssh-3004-150000.8.41.46.1 salt-standalone-formulas-configuration-3004-150000.8.41.46.1 salt-syndic-3004-150000.8.41.46.1 salt-transactional-update-3004-150000.8.41.46.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.46.1 salt-fish-completion-3004-150000.8.41.46.1 salt-zsh-completion-3004-150000.8.41.46.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3004-150000.8.41.46.1 salt-3004-150000.8.41.46.1 salt-api-3004-150000.8.41.46.1 salt-cloud-3004-150000.8.41.46.1 salt-doc-3004-150000.8.41.46.1 salt-master-3004-150000.8.41.46.1 salt-minion-3004-150000.8.41.46.1 salt-proxy-3004-150000.8.41.46.1 salt-ssh-3004-150000.8.41.46.1 salt-standalone-formulas-configuration-3004-150000.8.41.46.1 salt-syndic-3004-150000.8.41.46.1 salt-transactional-update-3004-150000.8.41.46.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3004-150000.8.41.46.1 salt-fish-completion-3004-150000.8.41.46.1 salt-zsh-completion-3004-150000.8.41.46.1 References: https://bugzilla.suse.com/1195624 https://bugzilla.suse.com/1199562 https://bugzilla.suse.com/1200596 https://bugzilla.suse.com/1202165 https://bugzilla.suse.com/1202167 https://bugzilla.suse.com/1202631 From sle-updates at lists.suse.com Wed Oct 26 14:18:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 16:18:28 +0200 (CEST) Subject: SUSE-SU-2022:3760-1: important: Security update for netty Message-ID: <20221026141828.51C1CFDD6@maintenance.suse.de> SUSE Security Update: Security update for netty ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3760-1 Rating: important References: #1168932 
  #1182103 #1190610 #1190613
Cross-References: CVE-2020-11612 CVE-2021-21290 CVE-2021-37136 CVE-2021-37137
CVSS scores:
  CVE-2020-11612 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-11612 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise Module for SUSE Manager Server 4.3
  SUSE Manager Server 4.3
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for netty fixes the following issues:

- CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932)
- CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103)
- CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610)
- CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3760=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
  netty-4.1.44.Final-150400.3.3.2

References:

https://www.suse.com/security/cve/CVE-2020-11612.html
https://www.suse.com/security/cve/CVE-2021-21290.html
https://www.suse.com/security/cve/CVE-2021-37136.html
https://www.suse.com/security/cve/CVE-2021-37137.html
https://bugzilla.suse.com/1168932
https://bugzilla.suse.com/1182103
https://bugzilla.suse.com/1190610
https://bugzilla.suse.com/1190613

From sle-updates at lists.suse.com Wed Oct 26 14:19:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 16:19:22 +0200 (CEST)
Subject: SUSE-RU-2022:3764-1: moderate: Recommended update for SUSE Manager Salt Bundle
Message-ID: <20221026141922.3E5DBFDD6@maintenance.suse.de>

SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:3764-1
Rating: moderate
References: #1195624 #1199562 #1200596 #1202165 #1202167 #1202631
Affected Products:
  SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________

An update that has 6 recommended fixes can now be installed.
Description:

This update fixes the following issues:

venv-salt-minion:

- Remove kiwi python module from the bundle as no longer required
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Don't include kiwi binaries
- Fix Syndic authentication errors (bsc#1199562)
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module released in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Change the delimiters to prevent possible tracebacks on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Add SELinux profile to the package instead of using semanage
- Remove Build ID links from the virtual environment and disable generating new links on building the package
- Remove packages.log from the virtual environment
- Fix test_ipc unit test

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Manager Debian 10-CLIENT-TOOLS:
  zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-3764=1

Package List:

- SUSE Manager Debian 10-CLIENT-TOOLS (amd64):
  venv-salt-minion-3004-2.14.1

References:

https://bugzilla.suse.com/1195624
https://bugzilla.suse.com/1199562
https://bugzilla.suse.com/1200596
https://bugzilla.suse.com/1202165
https://bugzilla.suse.com/1202167
https://bugzilla.suse.com/1202631

From sle-updates at lists.suse.com Wed Oct 26 16:21:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Oct 2022 18:21:23 +0200 (CEST)
Subject: SUSE-SU-2022:3779-1: important: Security update for the Linux Kernel
Message-ID: <20221026162123.CD2F9FDB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3779-1
Rating: important
References: #1202677 #1202960 #1203552 #1203769
Cross-References: CVE-2022-2503 CVE-2022-3239 CVE-2022-3303 CVE-2022-41218
CVSS scores:
  CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

The SUSE Linux Enterprise 12-SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could lead a local user to be able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin and load untrusted and unverified kernel modules and firmware (bnc#1202677). The following non-security bugs were fixed: - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3779=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.191.1 kernel-default-base-4.4.121-92.191.1 kernel-default-base-debuginfo-4.4.121-92.191.1 kernel-default-debuginfo-4.4.121-92.191.1 kernel-default-debugsource-4.4.121-92.191.1 kernel-default-devel-4.4.121-92.191.1 kernel-syms-4.4.121-92.191.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.191.1 kernel-macros-4.4.121-92.191.1 kernel-source-4.4.121-92.191.1 References: https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-41218.html https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 From sle-updates at lists.suse.com Wed Oct 26 16:22:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 18:22:42 +0200 (CEST) Subject: SUSE-RU-2022:3776-1: important: Recommended update for permissions Message-ID: <20221026162242.0F3C4FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3776-1 Rating: important References: #1203911 #1204137 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE 
Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3776=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3776=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3776=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3776=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3776=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3776=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3776=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3776=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3776=1 - SUSE Linux Enterprise 
Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3776=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3776=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3776=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3776=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3776=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - openSUSE Leap 15.3 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Manager Server 4.1 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Manager Retail Branch Server 4.1 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Manager Proxy 4.1 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Manager Proxy 4.1 (x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): 
permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): 
permissions-zypp-plugin-20181225-150200.23.20.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): permissions-20181225-150200.23.20.1 permissions-debuginfo-20181225-150200.23.20.1 permissions-debugsource-20181225-150200.23.20.1 - SUSE Enterprise Storage 7 (noarch): permissions-zypp-plugin-20181225-150200.23.20.1 References: https://bugzilla.suse.com/1203911 https://bugzilla.suse.com/1204137 From sle-updates at lists.suse.com Wed Oct 26 19:22:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 21:22:15 +0200 (CEST) Subject: SUSE-SU-2022:3783-1: important: Security update for telnet Message-ID: <20221026192215.2EA25FDD6@maintenance.suse.de> SUSE Security Update: Security update for telnet ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3783-1 Rating: important References: #1203759 Cross-References: CVE-2022-39028 CVSS scores: CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux 
Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3783=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3783=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3783=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3783=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3783=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3783=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3783=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3783=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3783=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3783=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3783=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3783=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3783=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3783=1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3783=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3783=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Proxy 4.1 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 
telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 
telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): telnet-1.2-150000.3.6.1 
telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE CaaS Platform 4.0 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-39028.html https://bugzilla.suse.com/1203759 From sle-updates at lists.suse.com Wed Oct 26 19:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 21:24:26 +0200 (CEST) Subject: SUSE-SU-2022:3784-1: critical: Security update for libtasn1 Message-ID: <20221026192426.664AFFDD6@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3784-1 Rating: critical References: #1204690 Cross-References: CVE-2021-46848 CVSS scores: CVE-2021-46848 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-46848 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise 
Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3784=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3784=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3784=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3784=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3784=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3784=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3784=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3784=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3784=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3784=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3784=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3784=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3784=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3784=1 - SUSE Linux Enterprise High 
Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3784=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3784=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - openSUSE Leap 15.4 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-devel-32bit-4.13-150000.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - openSUSE Leap 15.3 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-devel-32bit-4.13-150000.4.8.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Manager Server 4.1 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Manager Proxy 4.1 (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 
libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 
libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 
libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): 
libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Enterprise Storage 7 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Enterprise Storage 6 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE CaaS Platform 4.0 (x86_64): 
libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 References: https://www.suse.com/security/cve/CVE-2021-46848.html https://bugzilla.suse.com/1204690 From sle-updates at lists.suse.com Wed Oct 26 19:25:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 21:25:57 +0200 (CEST) Subject: SUSE-SU-2022:3781-1: moderate: Security update for container-suseconnect Message-ID: <20221026192557.8F8F5FDD6@maintenance.suse.de> SUSE Security Update: Security update for container-suseconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3781-1 Rating: moderate References: #1204397 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of container-suseconnect is a rebuild of the previous sources against the current security updated go compiler. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3781=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3781=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3781=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 References: https://bugzilla.suse.com/1204397 From sle-updates at lists.suse.com Wed Oct 26 19:27:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Oct 2022 21:27:23 +0200 (CEST) Subject: SUSE-SU-2022:3782-1: important: Security update for libmad Message-ID: <20221026192723.D4292FDD6@maintenance.suse.de> SUSE Security Update: Security update for libmad ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3782-1 Rating: important References: #1036968 #1036969 Cross-References: CVE-2017-8372 CVE-2017-8373 CVSS scores: CVE-2017-8372 (NVD) : 4.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-8372 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-8373 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-8373 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3782=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3782=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3782=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3782=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3782=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3782=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3782=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3782=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3782=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3782=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3782=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3782=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3782=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.4 (x86_64): libmad0-32bit-0.15.1b-150000.5.3.1 libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.3 (x86_64): libmad0-32bit-0.15.1b-150000.5.3.1 libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Proxy 4.1 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 
15-SP2 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 
libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE CaaS Platform 4.0 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 References: 
https://www.suse.com/security/cve/CVE-2017-8372.html https://www.suse.com/security/cve/CVE-2017-8373.html https://bugzilla.suse.com/1036968 https://bugzilla.suse.com/1036969 From sle-updates at lists.suse.com Wed Oct 26 22:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 00:19:51 +0200 (CEST) Subject: SUSE-SU-2022:3785-1: important: Security update for curl Message-ID: <20221026221951.35733FDB8@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3785-1 Rating: important References: #1204383 #1204386 Cross-References: CVE-2022-32221 CVE-2022-42916 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-42916 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3785=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3785=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3785=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl-devel-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 - openSUSE Leap 15.4 (x86_64): libcurl-devel-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl-devel-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcurl4-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://www.suse.com/security/cve/CVE-2022-42916.html https://bugzilla.suse.com/1204383 https://bugzilla.suse.com/1204386 From sle-updates at lists.suse.com Thu Oct 27 07:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:19:17 +0200 (CEST) Subject: SUSE-RU-2022:3789-1: important: Recommended update for permissions Message-ID: <20221027071917.D9FB0F78D@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3789-1 Rating: important References: #1203911 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3789=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): permissions-20170707-6.13.1 permissions-debuginfo-20170707-6.13.1 permissions-debugsource-20170707-6.13.1 References: https://bugzilla.suse.com/1203911 From sle-updates at lists.suse.com Thu Oct 27 07:19:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:19:57 +0200 (CEST) Subject: SUSE-RU-2022:3786-1: critical: Recommended update for perf Message-ID: <20221027071957.2BD2AF78D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perf ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3786-1 Rating: critical References: #1198595 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that 
has one recommended fix can now be installed. Description: This update for perf fixes the following issues: - Fix patches of previous maintenance update that were not correctly applied (bsc#1198595) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3786=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3786=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): perf-5.14.21-150400.44.8.1 perf-debuginfo-5.14.21-150400.44.8.1 perf-debugsource-5.14.21-150400.44.8.1 perf-devel-5.14.21-150400.44.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): perf-5.14.21-150400.44.8.1 perf-debuginfo-5.14.21-150400.44.8.1 perf-debugsource-5.14.21-150400.44.8.1 perf-devel-5.14.21-150400.44.8.1 References: https://bugzilla.suse.com/1198595 From sle-updates at lists.suse.com Thu Oct 27 07:20:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:20:42 +0200 (CEST) Subject: SUSE-RU-2022:3787-1: important: Recommended update for permissions Message-ID: <20221027072042.92CC8F78D@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3787-1 Rating: important References: #1194047 #1203911 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 
openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3787=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3787=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3787=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): permissions-20201225-150400.5.16.1 permissions-debuginfo-20201225-150400.5.16.1 permissions-debugsource-20201225-150400.5.16.1 - openSUSE Leap 15.4 (noarch): permissions-zypp-plugin-20201225-150400.5.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): permissions-20201225-150400.5.16.1 permissions-debuginfo-20201225-150400.5.16.1 permissions-debugsource-20201225-150400.5.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): permissions-zypp-plugin-20201225-150400.5.16.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): permissions-20201225-150400.5.16.1 permissions-debuginfo-20201225-150400.5.16.1 permissions-debugsource-20201225-150400.5.16.1 References: https://bugzilla.suse.com/1194047 https://bugzilla.suse.com/1203911 From sle-updates at lists.suse.com Thu Oct 27 07:21:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:21:31 +0200 (CEST) Subject: SUSE-RU-2022:3788-1: important: Recommended update for permissions Message-ID: 
<20221027072131.5F8B2F78D@maintenance.suse.de> SUSE Recommended Update: Recommended update for permissions ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3788-1 Rating: important References: #1203911 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3788=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3788=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): permissions-2015.09.28.1626-17.33.2 permissions-debuginfo-2015.09.28.1626-17.33.2 permissions-debugsource-2015.09.28.1626-17.33.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): permissions-2015.09.28.1626-17.33.2 permissions-debuginfo-2015.09.28.1626-17.33.2 permissions-debugsource-2015.09.28.1626-17.33.2 References: https://bugzilla.suse.com/1203911 From sle-updates at lists.suse.com Thu Oct 27 07:31:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:31:13 +0200 (CEST) Subject: SUSE-CU-2022:2732-1: Security update of suse/sles12sp4 Message-ID: <20221027073113.165F9F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2732-1 Container Tags : suse/sles12sp4:26.519 , suse/sles12sp4:latest 
Container Release : 26.519 Severity : important Type : security References : 1202593 1204383 CVE-2022-32221 CVE-2022-35252 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3772-1 Released: Wed Oct 26 12:18:03 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). The following package changes have been done: - base-container-licenses-3.0-1.321 updated - container-suseconnect-2.0.0-1.207 updated - libcurl4-7.60.0-4.43.1 updated From sle-updates at lists.suse.com Thu Oct 27 07:38:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 09:38:28 +0200 (CEST) Subject: SUSE-CU-2022:2733-1: Security update of suse/sles12sp5 Message-ID: <20221027073828.2915CF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2733-1 Container Tags : suse/sles12sp5:6.5.391 , suse/sles12sp5:latest Container Release : 6.5.391 Severity : important Type : security References : 1204383 CVE-2022-32221 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3769-1 Released: Wed Oct 26 12:17:10 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). The following package changes have been done: - libcurl4-7.60.0-11.49.1 updated From sle-updates at lists.suse.com Thu Oct 27 13:21:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 15:21:29 +0200 (CEST) Subject: SUSE-SU-2022:3794-1: important: Security update for rubygem-puppet Message-ID: <20221027132129.9BCCAFDB8@maintenance.suse.de> SUSE Security Update: Security update for rubygem-puppet ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3794-1 Rating: important References: #1192797 Cross-References: CVE-2021-27023 CVSS scores: CVE-2021-27023 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-27023 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-puppet fixes the following issues: - CVE-2021-27023: Fixed an unsafe HTTP redirect (bsc#1192797). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-3794=1 Package List: - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): ruby2.1-rubygem-puppet-4.8.1-32.6.1 rubygem-puppet-4.8.1-32.6.1 References: https://www.suse.com/security/cve/CVE-2021-27023.html https://bugzilla.suse.com/1192797 From sle-updates at lists.suse.com Thu Oct 27 13:22:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 15:22:25 +0200 (CEST) Subject: SUSE-SU-2022:3791-1: important: Security update for libtirpc Message-ID: <20221027132225.37DB7FDB8@maintenance.suse.de> SUSE Security Update: Security update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3791-1 Rating: important References: #1200800 #1201680 Cross-References: CVE-2021-46828 CVSS scores: CVE-2021-46828 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46828 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3791=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3791=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3791=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3791=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3791=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3791=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3791=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3791=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE OpenStack Cloud 9 (x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-devel-1.0.1-17.24.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 
libtirpc3-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtirpc-debugsource-1.0.1-17.24.1 libtirpc-netconfig-1.0.1-17.24.1 libtirpc3-1.0.1-17.24.1 libtirpc3-32bit-1.0.1-17.24.1 libtirpc3-debuginfo-1.0.1-17.24.1 libtirpc3-debuginfo-32bit-1.0.1-17.24.1 References: https://www.suse.com/security/cve/CVE-2021-46828.html https://bugzilla.suse.com/1200800 https://bugzilla.suse.com/1201680 From sle-updates at lists.suse.com Thu Oct 27 13:23:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 15:23:29 +0200 (CEST) Subject: SUSE-RU-2022:3792-1: moderate: Recommended update for grafana-piechart-panel Message-ID: <20221027132329.40055FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for grafana-piechart-panel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3792-1 Rating: moderate References: 
#1200501 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grafana-piechart-panel fixes the following issues: - Update grafana-piechart-panel to version 1.6.2 that is signed for use with Grafana v8.x (bsc#1200501) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3792=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3792=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3792=1 Package List: - openSUSE Leap 15.4 (noarch): grafana-piechart-panel-1.6.2-150200.3.11.1 - openSUSE Leap 15.3 (noarch): grafana-piechart-panel-1.6.2-150200.3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): grafana-piechart-panel-1.6.2-150200.3.11.1 References: https://bugzilla.suse.com/1200501 From sle-updates at lists.suse.com Thu Oct 27 13:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 15:24:13 +0200 (CEST) Subject: SUSE-SU-2022:3793-1: important: Security update for netty Message-ID: <20221027132413.E8949FDB8@maintenance.suse.de> SUSE Security Update: Security update for netty ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3793-1 Rating: important 
References: #1168932 #1182103 #1190610 #1190613 Cross-References: CVE-2020-11612 CVE-2021-21290 CVE-2021-37136 CVE-2021-37137 CVSS scores: CVE-2020-11612 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11612 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for netty fixes the following issues: - CVE-2020-11612: The ZlibDecoders allow for unbounded memory allocation while decoding a byte stream (bsc#1168932) - CVE-2021-21290: Information disclosure via the local system temporary directory (bsc#1182103) - CVE-2021-37136: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (bsc#1190610) - CVE-2021-37137: Snappy frame decoder doesn't restrict the chunk length and may buffer skippable chunks (bsc#1190613) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3793=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): netty-4.1.44.Final-150200.3.4.2 References: https://www.suse.com/security/cve/CVE-2020-11612.html https://www.suse.com/security/cve/CVE-2021-21290.html https://www.suse.com/security/cve/CVE-2021-37136.html https://www.suse.com/security/cve/CVE-2021-37137.html https://bugzilla.suse.com/1168932 https://bugzilla.suse.com/1182103 https://bugzilla.suse.com/1190610 https://bugzilla.suse.com/1190613 From sle-updates at lists.suse.com Thu Oct 27 16:23:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 18:23:03 +0200 (CEST) Subject: SUSE-SU-2022:3800-1: important: Security update for MozillaThunderbird Message-ID: <20221027162303.8E6EFFDB8@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3800-1 Rating: important References: #1203477 #1204411 #1204421 Cross-References: CVE-2022-3155 CVE-2022-3266 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 CVSS scores: CVE-2022-39236 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39236 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39249 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39249 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39250 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39250 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39251 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39251 (SUSE): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. 
Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: "Publish Calendar" did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements - Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 
2035 (bmo#1789999) - Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#1783903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#1789728,bmo#1790499) - Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column
(bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue - Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. 
(bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non-encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained "undefined" (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with "Fetch headers only" set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: "File -> New -> Address Book Contact" from Compose window did not work (bmo#1782418) * fixed: Attach "My vCard" option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public-Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated "Department" field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958
(bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3800=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3800=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3800=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3800=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3800=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3800=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 References: https://www.suse.com/security/cve/CVE-2022-3155.html https://www.suse.com/security/cve/CVE-2022-3266.html https://www.suse.com/security/cve/CVE-2022-39236.html https://www.suse.com/security/cve/CVE-2022-39249.html https://www.suse.com/security/cve/CVE-2022-39250.html https://www.suse.com/security/cve/CVE-2022-39251.html https://www.suse.com/security/cve/CVE-2022-40956.html https://www.suse.com/security/cve/CVE-2022-40957.html https://www.suse.com/security/cve/CVE-2022-40958.html https://www.suse.com/security/cve/CVE-2022-40959.html 
https://www.suse.com/security/cve/CVE-2022-40960.html https://www.suse.com/security/cve/CVE-2022-40962.html https://bugzilla.suse.com/1203477 https://bugzilla.suse.com/1204411 https://bugzilla.suse.com/1204421 From sle-updates at lists.suse.com Thu Oct 27 16:24:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 18:24:11 +0200 (CEST) Subject: SUSE-SU-2022:3795-1: moderate: Security update for qemu Message-ID: <20221027162411.D4149FDB8@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3795-1 Rating: moderate References: #1192115 #1198038 #1201367 Cross-References: CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. 
(bsc#1201367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3795=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3795=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3795=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3795=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): qemu-6.2.0-150400.37.8.2 qemu-accel-qtest-6.2.0-150400.37.8.2 qemu-accel-qtest-debuginfo-6.2.0-150400.37.8.2 qemu-accel-tcg-x86-6.2.0-150400.37.8.2 qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2 qemu-arm-6.2.0-150400.37.8.2 qemu-arm-debuginfo-6.2.0-150400.37.8.2 qemu-audio-alsa-6.2.0-150400.37.8.2 qemu-audio-alsa-debuginfo-6.2.0-150400.37.8.2 qemu-audio-jack-6.2.0-150400.37.8.2 qemu-audio-jack-debuginfo-6.2.0-150400.37.8.2 qemu-audio-oss-debuginfo-6.2.0-150400.37.8.2 qemu-audio-pa-6.2.0-150400.37.8.2 qemu-audio-pa-debuginfo-6.2.0-150400.37.8.2 qemu-audio-spice-6.2.0-150400.37.8.2 qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2 qemu-block-curl-6.2.0-150400.37.8.2 qemu-block-curl-debuginfo-6.2.0-150400.37.8.2 qemu-block-dmg-6.2.0-150400.37.8.2 qemu-block-dmg-debuginfo-6.2.0-150400.37.8.2 qemu-block-gluster-6.2.0-150400.37.8.2 qemu-block-gluster-debuginfo-6.2.0-150400.37.8.2 qemu-block-iscsi-6.2.0-150400.37.8.2 qemu-block-iscsi-debuginfo-6.2.0-150400.37.8.2 qemu-block-nfs-6.2.0-150400.37.8.2 qemu-block-nfs-debuginfo-6.2.0-150400.37.8.2 qemu-block-rbd-6.2.0-150400.37.8.2 qemu-block-rbd-debuginfo-6.2.0-150400.37.8.2 qemu-block-ssh-6.2.0-150400.37.8.2 qemu-block-ssh-debuginfo-6.2.0-150400.37.8.2 qemu-chardev-baum-6.2.0-150400.37.8.2 qemu-chardev-baum-debuginfo-6.2.0-150400.37.8.2 
qemu-chardev-spice-6.2.0-150400.37.8.2 qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2 qemu-debuginfo-6.2.0-150400.37.8.2 qemu-debugsource-6.2.0-150400.37.8.2 qemu-extra-6.2.0-150400.37.8.2 qemu-extra-debuginfo-6.2.0-150400.37.8.2 qemu-guest-agent-6.2.0-150400.37.8.2 qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-qxl-6.2.0-150400.37.8.2 qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2 qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.8.2 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-host-6.2.0-150400.37.8.2 qemu-hw-usb-host-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-redirect-6.2.0-150400.37.8.2 qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-smartcard-6.2.0-150400.37.8.2 qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.8.2 qemu-ivshmem-tools-6.2.0-150400.37.8.2 qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.8.2 qemu-ksm-6.2.0-150400.37.8.2 qemu-lang-6.2.0-150400.37.8.2 qemu-linux-user-6.2.0-150400.37.8.1 qemu-linux-user-debuginfo-6.2.0-150400.37.8.1 qemu-linux-user-debugsource-6.2.0-150400.37.8.1 qemu-ppc-6.2.0-150400.37.8.2 qemu-ppc-debuginfo-6.2.0-150400.37.8.2 qemu-s390x-6.2.0-150400.37.8.2 qemu-s390x-debuginfo-6.2.0-150400.37.8.2 qemu-testsuite-6.2.0-150400.37.8.4 qemu-tools-6.2.0-150400.37.8.2 qemu-tools-debuginfo-6.2.0-150400.37.8.2 qemu-ui-curses-6.2.0-150400.37.8.2 qemu-ui-curses-debuginfo-6.2.0-150400.37.8.2 qemu-ui-gtk-6.2.0-150400.37.8.2 qemu-ui-gtk-debuginfo-6.2.0-150400.37.8.2 qemu-ui-opengl-6.2.0-150400.37.8.2 qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2 qemu-ui-spice-app-6.2.0-150400.37.8.2 qemu-ui-spice-app-debuginfo-6.2.0-150400.37.8.2 qemu-ui-spice-core-6.2.0-150400.37.8.2 
qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2 qemu-vhost-user-gpu-6.2.0-150400.37.8.2 qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.8.2 qemu-x86-6.2.0-150400.37.8.2 qemu-x86-debuginfo-6.2.0-150400.37.8.2 - openSUSE Leap 15.4 (s390x x86_64): qemu-kvm-6.2.0-150400.37.8.2 - openSUSE Leap 15.4 (noarch): qemu-SLOF-6.2.0-150400.37.8.2 qemu-ipxe-1.0.0+-150400.37.8.2 qemu-microvm-6.2.0-150400.37.8.2 qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2 qemu-sgabios-8-150400.37.8.2 qemu-skiboot-6.2.0-150400.37.8.2 qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): qemu-6.2.0-150400.37.8.2 qemu-block-curl-6.2.0-150400.37.8.2 qemu-block-curl-debuginfo-6.2.0-150400.37.8.2 qemu-block-iscsi-6.2.0-150400.37.8.2 qemu-block-iscsi-debuginfo-6.2.0-150400.37.8.2 qemu-block-rbd-6.2.0-150400.37.8.2 qemu-block-rbd-debuginfo-6.2.0-150400.37.8.2 qemu-block-ssh-6.2.0-150400.37.8.2 qemu-block-ssh-debuginfo-6.2.0-150400.37.8.2 qemu-chardev-baum-6.2.0-150400.37.8.2 qemu-chardev-baum-debuginfo-6.2.0-150400.37.8.2 qemu-debuginfo-6.2.0-150400.37.8.2 qemu-debugsource-6.2.0-150400.37.8.2 qemu-guest-agent-6.2.0-150400.37.8.2 qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-host-6.2.0-150400.37.8.2 qemu-hw-usb-host-debuginfo-6.2.0-150400.37.8.2 qemu-ksm-6.2.0-150400.37.8.2 qemu-lang-6.2.0-150400.37.8.2 qemu-ui-curses-6.2.0-150400.37.8.2 qemu-ui-curses-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le x86_64): qemu-audio-spice-6.2.0-150400.37.8.2 qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2 qemu-chardev-spice-6.2.0-150400.37.8.2 qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-qxl-6.2.0-150400.37.8.2 qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-redirect-6.2.0-150400.37.8.2 
qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2 qemu-ui-gtk-6.2.0-150400.37.8.2 qemu-ui-gtk-debuginfo-6.2.0-150400.37.8.2 qemu-ui-opengl-6.2.0-150400.37.8.2 qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2 qemu-ui-spice-app-6.2.0-150400.37.8.2 qemu-ui-spice-app-debuginfo-6.2.0-150400.37.8.2 qemu-ui-spice-core-6.2.0-150400.37.8.2 qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x x86_64): qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.8.2 qemu-kvm-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le): qemu-ppc-6.2.0-150400.37.8.2 qemu-ppc-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64): qemu-arm-6.2.0-150400.37.8.2 qemu-arm-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): qemu-SLOF-6.2.0-150400.37.8.2 qemu-ipxe-1.0.0+-150400.37.8.2 qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2 qemu-sgabios-8-150400.37.8.2 qemu-skiboot-6.2.0-150400.37.8.2 qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64): qemu-accel-tcg-x86-6.2.0-150400.37.8.2 qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2 qemu-audio-alsa-6.2.0-150400.37.8.2 qemu-audio-alsa-debuginfo-6.2.0-150400.37.8.2 qemu-audio-pa-6.2.0-150400.37.8.2 qemu-audio-pa-debuginfo-6.2.0-150400.37.8.2 qemu-x86-6.2.0-150400.37.8.2 qemu-x86-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x): qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.8.2 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.8.2 qemu-s390x-6.2.0-150400.37.8.2 qemu-s390x-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): 
qemu-debuginfo-6.2.0-150400.37.8.2 qemu-debugsource-6.2.0-150400.37.8.2 qemu-tools-6.2.0-150400.37.8.2 qemu-tools-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): qemu-6.2.0-150400.37.8.2 qemu-audio-spice-6.2.0-150400.37.8.2 qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2 qemu-chardev-spice-6.2.0-150400.37.8.2 qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2 qemu-debuginfo-6.2.0-150400.37.8.2 qemu-debugsource-6.2.0-150400.37.8.2 qemu-guest-agent-6.2.0-150400.37.8.2 qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-qxl-6.2.0-150400.37.8.2 qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2 qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2 qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2 qemu-hw-usb-redirect-6.2.0-150400.37.8.2 qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2 qemu-tools-6.2.0-150400.37.8.2 qemu-tools-debuginfo-6.2.0-150400.37.8.2 qemu-ui-opengl-6.2.0-150400.37.8.2 qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2 qemu-ui-spice-core-6.2.0-150400.37.8.2 qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Micro 5.3 (aarch64): qemu-arm-6.2.0-150400.37.8.2 qemu-arm-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Micro 5.3 (x86_64): qemu-accel-tcg-x86-6.2.0-150400.37.8.2 qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2 qemu-x86-6.2.0-150400.37.8.2 qemu-x86-debuginfo-6.2.0-150400.37.8.2 - SUSE Linux Enterprise Micro 5.3 (noarch): qemu-ipxe-1.0.0+-150400.37.8.2 qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2 qemu-sgabios-8-150400.37.8.2 qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2 - SUSE Linux Enterprise Micro 5.3 (s390x): qemu-s390x-6.2.0-150400.37.8.2 qemu-s390x-debuginfo-6.2.0-150400.37.8.2 References: https://www.suse.com/security/cve/CVE-2022-0216.html https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1192115 https://bugzilla.suse.com/1198038 
https://bugzilla.suse.com/1201367 From sle-updates at lists.suse.com Thu Oct 27 16:25:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 18:25:10 +0200 (CEST) Subject: SUSE-RU-2022:3799-1: important: Recommended update for gnutls Message-ID: <20221027162510.E1FB9FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3799-1 Rating: important References: #1202146 #1203779 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gnutls fixes the following issues: - FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146) - FIPS: Make XTS key check failure not fatal (bsc#1203779) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3799=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3799=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.16.1 gnutls-debuginfo-3.7.3-150400.4.16.1 gnutls-debugsource-3.7.3-150400.4.16.1 gnutls-guile-3.7.3-150400.4.16.1 gnutls-guile-debuginfo-3.7.3-150400.4.16.1 libgnutls-devel-3.7.3-150400.4.16.1 libgnutls30-3.7.3-150400.4.16.1 libgnutls30-debuginfo-3.7.3-150400.4.16.1 libgnutls30-hmac-3.7.3-150400.4.16.1 libgnutlsxx-devel-3.7.3-150400.4.16.1 libgnutlsxx28-3.7.3-150400.4.16.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.16.1 - openSUSE Leap 15.4 (x86_64): libgnutls-devel-32bit-3.7.3-150400.4.16.1 libgnutls30-32bit-3.7.3-150400.4.16.1 libgnutls30-32bit-debuginfo-3.7.3-150400.4.16.1 libgnutls30-hmac-32bit-3.7.3-150400.4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.16.1 gnutls-debuginfo-3.7.3-150400.4.16.1 gnutls-debugsource-3.7.3-150400.4.16.1 libgnutls-devel-3.7.3-150400.4.16.1 libgnutls30-3.7.3-150400.4.16.1 libgnutls30-debuginfo-3.7.3-150400.4.16.1 libgnutls30-hmac-3.7.3-150400.4.16.1 libgnutlsxx-devel-3.7.3-150400.4.16.1 libgnutlsxx28-3.7.3-150400.4.16.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgnutls30-32bit-3.7.3-150400.4.16.1 libgnutls30-32bit-debuginfo-3.7.3-150400.4.16.1 libgnutls30-hmac-32bit-3.7.3-150400.4.16.1 References: https://bugzilla.suse.com/1202146 https://bugzilla.suse.com/1203779 From sle-updates at lists.suse.com Thu Oct 27 16:26:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 18:26:07 +0200 (CEST) Subject: SUSE-RU-2022:3798-1: moderate: Recommended update for openscap Message-ID: <20221027162607.1B750FDB8@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3798-1 Rating: moderate References: #1204579 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openscap fixes the following issues: - Fix build of ComplianceAsCode 0.1.64 and newer versions, allow building without availability of remote data resources. (bsc#1204579) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3798=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3798=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3798=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3798=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3798=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenscap8-1.2.16-150000.7.12.1 libopenscap8-debuginfo-1.2.16-150000.7.12.1 libopenscap_sce8-1.2.16-150000.7.12.1 libopenscap_sce8-debuginfo-1.2.16-150000.7.12.1 openscap-engine-sce-1.2.16-150000.7.12.1 openscap-extra-probes-1.2.16-150000.7.12.1 openscap-extra-probes-debuginfo-1.2.16-150000.7.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenscap8-1.2.16-150000.7.12.1 libopenscap8-debuginfo-1.2.16-150000.7.12.1 
openscap-1.2.16-150000.7.12.1 openscap-content-1.2.16-150000.7.12.1 openscap-debuginfo-1.2.16-150000.7.12.1 openscap-debugsource-1.2.16-150000.7.12.1 openscap-devel-1.2.16-150000.7.12.1 openscap-engine-sce-1.2.16-150000.7.12.1 openscap-extra-probes-1.2.16-150000.7.12.1 openscap-extra-probes-debuginfo-1.2.16-150000.7.12.1 openscap-utils-1.2.16-150000.7.12.1 openscap-utils-debuginfo-1.2.16-150000.7.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenscap8-1.2.16-150000.7.12.1 libopenscap8-debuginfo-1.2.16-150000.7.12.1 openscap-1.2.16-150000.7.12.1 openscap-content-1.2.16-150000.7.12.1 openscap-debuginfo-1.2.16-150000.7.12.1 openscap-debugsource-1.2.16-150000.7.12.1 openscap-devel-1.2.16-150000.7.12.1 openscap-engine-sce-1.2.16-150000.7.12.1 openscap-extra-probes-1.2.16-150000.7.12.1 openscap-extra-probes-debuginfo-1.2.16-150000.7.12.1 openscap-utils-1.2.16-150000.7.12.1 openscap-utils-debuginfo-1.2.16-150000.7.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenscap8-1.2.16-150000.7.12.1 libopenscap8-debuginfo-1.2.16-150000.7.12.1 openscap-1.2.16-150000.7.12.1 openscap-content-1.2.16-150000.7.12.1 openscap-debuginfo-1.2.16-150000.7.12.1 openscap-debugsource-1.2.16-150000.7.12.1 openscap-devel-1.2.16-150000.7.12.1 openscap-engine-sce-1.2.16-150000.7.12.1 openscap-extra-probes-1.2.16-150000.7.12.1 openscap-extra-probes-debuginfo-1.2.16-150000.7.12.1 openscap-utils-1.2.16-150000.7.12.1 openscap-utils-debuginfo-1.2.16-150000.7.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenscap8-1.2.16-150000.7.12.1 libopenscap8-debuginfo-1.2.16-150000.7.12.1 openscap-1.2.16-150000.7.12.1 openscap-content-1.2.16-150000.7.12.1 openscap-debuginfo-1.2.16-150000.7.12.1 openscap-debugsource-1.2.16-150000.7.12.1 openscap-devel-1.2.16-150000.7.12.1 openscap-engine-sce-1.2.16-150000.7.12.1 openscap-extra-probes-1.2.16-150000.7.12.1 openscap-extra-probes-debuginfo-1.2.16-150000.7.12.1 
openscap-utils-1.2.16-150000.7.12.1 openscap-utils-debuginfo-1.2.16-150000.7.12.1 References: https://bugzilla.suse.com/1204579 From sle-updates at lists.suse.com Thu Oct 27 16:26:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 18:26:56 +0200 (CEST) Subject: SUSE-SU-2022:3797-1: critical: Security update for libtasn1 Message-ID: <20221027162656.78855FDB8@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3797-1 Rating: critical References: #1040621 #1105435 #1204690 Cross-References: CVE-2017-6891 CVE-2018-1000654 CVE-2021-46848 CVSS scores: CVE-2017-6891 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-6891 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2018-1000654 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1000654 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46848 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-46848 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Added safety check to fix a stack overflow issue (bsc#1040621). - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3797=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtasn1-3.7-13.7.1 libtasn1-6-3.7-13.7.1 libtasn1-6-32bit-3.7-13.7.1 libtasn1-6-debuginfo-3.7-13.7.1 libtasn1-6-debuginfo-32bit-3.7-13.7.1 libtasn1-debuginfo-3.7-13.7.1 libtasn1-debugsource-3.7-13.7.1 References: https://www.suse.com/security/cve/CVE-2017-6891.html https://www.suse.com/security/cve/CVE-2018-1000654.html https://www.suse.com/security/cve/CVE-2021-46848.html https://bugzilla.suse.com/1040621 https://bugzilla.suse.com/1105435 https://bugzilla.suse.com/1204690 From sle-updates at lists.suse.com Thu Oct 27 19:23:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 21:23:16 +0200 (CEST) Subject: SUSE-SU-2022:3805-1: important: Security update for dbus-1 Message-ID: <20221027192316.9A5FEFDB8@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3805-1 Rating: important References: #1087072 #1204111 #1204112 #1204113 Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVSS scores: CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 
15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3805=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3805=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3805=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3805=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3805=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3805=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3805=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3805=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3805=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3805=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3805=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3805=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3805=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3805=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3805=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3805=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3805=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3805=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3805=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3805=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - openSUSE Leap 15.3 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-devel-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - openSUSE Leap 15.3 (noarch): dbus-1-devel-doc-1.12.2-150100.8.14.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Manager Server 4.1 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Manager 
Retail Branch Server 4.1 (x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Manager Proxy 4.1 (x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux 
Enterprise Server for SAP 15-SP1 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dbus-1-1.12.2-150100.8.14.1 
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 
libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Linux Enterprise High Performance Computing 
15-SP1-ESPOS (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Enterprise Storage 7 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 - SUSE Enterprise Storage 6 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 - SUSE CaaS Platform 4.0 (x86_64): dbus-1-1.12.2-150100.8.14.1 dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1 dbus-1-debuginfo-1.12.2-150100.8.14.1 dbus-1-debugsource-1.12.2-150100.8.14.1 dbus-1-devel-1.12.2-150100.8.14.1 dbus-1-x11-1.12.2-150100.8.14.1 dbus-1-x11-debuginfo-1.12.2-150100.8.14.1 dbus-1-x11-debugsource-1.12.2-150100.8.14.1 libdbus-1-3-1.12.2-150100.8.14.1 libdbus-1-3-32bit-1.12.2-150100.8.14.1 libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1 libdbus-1-3-debuginfo-1.12.2-150100.8.14.1 References: https://www.suse.com/security/cve/CVE-2022-42010.html https://www.suse.com/security/cve/CVE-2022-42011.html https://www.suse.com/security/cve/CVE-2022-42012.html https://bugzilla.suse.com/1087072 https://bugzilla.suse.com/1204111 
https://bugzilla.suse.com/1204112 https://bugzilla.suse.com/1204113 From sle-updates at lists.suse.com Thu Oct 27 19:24:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 21:24:50 +0200 (CEST) Subject: SUSE-SU-2022:3804-1: important: Security update for dbus-1 Message-ID: <20221027192450.EACDEFDB8@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3804-1 Rating: important References: #1087072 #1204111 #1204112 #1204113 Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVSS scores: CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). 
Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3804=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3804=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3804=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3804=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3804=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dbus-1-1.8.22-29.24.1 dbus-1-debuginfo-1.8.22-29.24.1 dbus-1-debuginfo-32bit-1.8.22-29.24.1 dbus-1-debugsource-1.8.22-29.24.1 dbus-1-x11-1.8.22-29.24.1 dbus-1-x11-debuginfo-1.8.22-29.24.1 dbus-1-x11-debugsource-1.8.22-29.24.1 libdbus-1-3-1.8.22-29.24.1 libdbus-1-3-32bit-1.8.22-29.24.1 libdbus-1-3-debuginfo-1.8.22-29.24.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.24.1 - SUSE OpenStack Cloud 9 (x86_64): dbus-1-1.8.22-29.24.1 dbus-1-debuginfo-1.8.22-29.24.1 dbus-1-debuginfo-32bit-1.8.22-29.24.1 dbus-1-debugsource-1.8.22-29.24.1 dbus-1-x11-1.8.22-29.24.1 dbus-1-x11-debuginfo-1.8.22-29.24.1 dbus-1-x11-debugsource-1.8.22-29.24.1 libdbus-1-3-1.8.22-29.24.1 libdbus-1-3-32bit-1.8.22-29.24.1 libdbus-1-3-debuginfo-1.8.22-29.24.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.24.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dbus-1-1.8.22-29.24.1 dbus-1-debuginfo-1.8.22-29.24.1 dbus-1-debugsource-1.8.22-29.24.1 dbus-1-x11-1.8.22-29.24.1 dbus-1-x11-debuginfo-1.8.22-29.24.1 dbus-1-x11-debugsource-1.8.22-29.24.1 libdbus-1-3-1.8.22-29.24.1 libdbus-1-3-debuginfo-1.8.22-29.24.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): 
dbus-1-debuginfo-32bit-1.8.22-29.24.1 libdbus-1-3-32bit-1.8.22-29.24.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.24.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dbus-1-1.8.22-29.24.1 dbus-1-debuginfo-1.8.22-29.24.1 dbus-1-debugsource-1.8.22-29.24.1 dbus-1-x11-1.8.22-29.24.1 dbus-1-x11-debuginfo-1.8.22-29.24.1 dbus-1-x11-debugsource-1.8.22-29.24.1 libdbus-1-3-1.8.22-29.24.1 libdbus-1-3-debuginfo-1.8.22-29.24.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): dbus-1-debuginfo-32bit-1.8.22-29.24.1 libdbus-1-3-32bit-1.8.22-29.24.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.24.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dbus-1-1.8.22-29.24.1 dbus-1-debuginfo-1.8.22-29.24.1 dbus-1-debugsource-1.8.22-29.24.1 dbus-1-x11-1.8.22-29.24.1 dbus-1-x11-debuginfo-1.8.22-29.24.1 dbus-1-x11-debugsource-1.8.22-29.24.1 libdbus-1-3-1.8.22-29.24.1 libdbus-1-3-32bit-1.8.22-29.24.1 libdbus-1-3-debuginfo-1.8.22-29.24.1 libdbus-1-3-debuginfo-32bit-1.8.22-29.24.1 References: https://www.suse.com/security/cve/CVE-2022-42010.html https://www.suse.com/security/cve/CVE-2022-42011.html https://www.suse.com/security/cve/CVE-2022-42012.html https://bugzilla.suse.com/1087072 https://bugzilla.suse.com/1204111 https://bugzilla.suse.com/1204112 https://bugzilla.suse.com/1204113 From sle-updates at lists.suse.com Thu Oct 27 19:25:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 21:25:59 +0200 (CEST) Subject: SUSE-SU-2022:3806-1: important: Security update for dbus-1 Message-ID: <20221027192559.2FEBAFDB8@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3806-1 Rating: important References: #1087072 #1204111 #1204112 #1204113 Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVSS scores: CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42010 
(SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3806=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3806=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3806=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150400.18.5.1 dbus-1-debuginfo-1.12.2-150400.18.5.1 dbus-1-debugsource-1.12.2-150400.18.5.1 dbus-1-devel-1.12.2-150400.18.5.1 dbus-1-x11-1.12.2-150400.18.5.1 dbus-1-x11-debuginfo-1.12.2-150400.18.5.1 dbus-1-x11-debugsource-1.12.2-150400.18.5.1 libdbus-1-3-1.12.2-150400.18.5.1 libdbus-1-3-debuginfo-1.12.2-150400.18.5.1 - openSUSE Leap 15.4 (noarch): dbus-1-devel-doc-1.12.2-150400.18.5.1 - openSUSE Leap 15.4 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150400.18.5.1 dbus-1-devel-32bit-1.12.2-150400.18.5.1 libdbus-1-3-32bit-1.12.2-150400.18.5.1 libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dbus-1-1.12.2-150400.18.5.1 dbus-1-debuginfo-1.12.2-150400.18.5.1 dbus-1-debugsource-1.12.2-150400.18.5.1 dbus-1-devel-1.12.2-150400.18.5.1 dbus-1-x11-1.12.2-150400.18.5.1 dbus-1-x11-debuginfo-1.12.2-150400.18.5.1 dbus-1-x11-debugsource-1.12.2-150400.18.5.1 libdbus-1-3-1.12.2-150400.18.5.1 libdbus-1-3-debuginfo-1.12.2-150400.18.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): dbus-1-32bit-debuginfo-1.12.2-150400.18.5.1 libdbus-1-3-32bit-1.12.2-150400.18.5.1 libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.5.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): dbus-1-1.12.2-150400.18.5.1 dbus-1-debuginfo-1.12.2-150400.18.5.1 dbus-1-debugsource-1.12.2-150400.18.5.1 dbus-1-x11-1.12.2-150400.18.5.1 dbus-1-x11-debuginfo-1.12.2-150400.18.5.1 dbus-1-x11-debugsource-1.12.2-150400.18.5.1 libdbus-1-3-1.12.2-150400.18.5.1 libdbus-1-3-debuginfo-1.12.2-150400.18.5.1 References: 
https://www.suse.com/security/cve/CVE-2022-42010.html https://www.suse.com/security/cve/CVE-2022-42011.html https://www.suse.com/security/cve/CVE-2022-42012.html https://bugzilla.suse.com/1087072 https://bugzilla.suse.com/1204111 https://bugzilla.suse.com/1204112 https://bugzilla.suse.com/1204113 From sle-updates at lists.suse.com Thu Oct 27 19:27:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 21:27:13 +0200 (CEST) Subject: SUSE-SU-2022:3801-1: important: Security update for openjpeg2 Message-ID: <20221027192713.72518FDB8@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3801-1 Rating: important References: #1149789 #1179821 #1180043 #1180044 #1180046 Cross-References: CVE-2018-21010 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVSS scores: CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27824 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27842 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27842 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27843 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27843 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27845 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 
______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3801=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3801=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3801=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3801=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3801=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3801=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3801=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 - SUSE OpenStack Cloud 9 (x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenjp2-7-2.1.0-4.18.2 libopenjp2-7-debuginfo-2.1.0-4.18.2 openjpeg2-debuginfo-2.1.0-4.18.2 openjpeg2-debugsource-2.1.0-4.18.2 References: https://www.suse.com/security/cve/CVE-2018-21010.html https://www.suse.com/security/cve/CVE-2020-27824.html https://www.suse.com/security/cve/CVE-2020-27842.html https://www.suse.com/security/cve/CVE-2020-27843.html https://www.suse.com/security/cve/CVE-2020-27845.html https://bugzilla.suse.com/1149789 https://bugzilla.suse.com/1179821 https://bugzilla.suse.com/1180043 https://bugzilla.suse.com/1180044 https://bugzilla.suse.com/1180046 From sle-updates at lists.suse.com Thu Oct 27 19:29:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Oct 2022 21:29:16 +0200 (CEST) Subject: SUSE-SU-2022:3802-1: important: Security update for openjpeg2 Message-ID: <20221027192916.79DFDFDB8@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3802-1 Rating: important References: #1140205 #1149789 #1179594 #1179821 #1180042 #1180043 #1180044 #1180046 
Cross-References: CVE-2018-20846 CVE-2018-21010 CVE-2020-27814 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVSS scores: CVE-2018-20846 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27814 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27814 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27824 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27841 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27841 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27842 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27842 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27843 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27843 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2020-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-27845 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE 
Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594). - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). 
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3802=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3802=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3802=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3802=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3802=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3802=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3802=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3802=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3802=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3802=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3802=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3802=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3802=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3802=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3802=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: 
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3802=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3802=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - openSUSE Leap 15.4 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - openSUSE Leap 15.3 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Manager Proxy 4.1 (x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 
openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 - SUSE Enterprise Storage 6 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 - SUSE CaaS Platform 4.0 (x86_64): libopenjp2-7-2.3.0-150000.3.8.1 libopenjp2-7-32bit-2.3.0-150000.3.8.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1 libopenjp2-7-debuginfo-2.3.0-150000.3.8.1 openjpeg2-2.3.0-150000.3.8.1 
openjpeg2-debuginfo-2.3.0-150000.3.8.1 openjpeg2-debugsource-2.3.0-150000.3.8.1 openjpeg2-devel-2.3.0-150000.3.8.1 References: https://www.suse.com/security/cve/CVE-2018-20846.html https://www.suse.com/security/cve/CVE-2018-21010.html https://www.suse.com/security/cve/CVE-2020-27814.html https://www.suse.com/security/cve/CVE-2020-27824.html https://www.suse.com/security/cve/CVE-2020-27841.html https://www.suse.com/security/cve/CVE-2020-27842.html https://www.suse.com/security/cve/CVE-2020-27843.html https://www.suse.com/security/cve/CVE-2020-27845.html https://bugzilla.suse.com/1140205 https://bugzilla.suse.com/1149789 https://bugzilla.suse.com/1179594 https://bugzilla.suse.com/1179821 https://bugzilla.suse.com/1180042 https://bugzilla.suse.com/1180043 https://bugzilla.suse.com/1180044 https://bugzilla.suse.com/1180046 From sle-updates at lists.suse.com Fri Oct 28 07:29:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 09:29:05 +0200 (CEST) Subject: SUSE-CU-2022:2737-1: Recommended update of suse/sles12sp5 Message-ID: <20221028072905.31912F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2737-1 Container Tags : suse/sles12sp5:6.5.392 , suse/sles12sp5:latest Container Release : 6.5.392 Severity : important Type : recommended References : 1203911 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3789-1 Released: Thu Oct 27 04:41:50 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) The following package changes have been done: - permissions-20170707-6.13.1 updated From sle-updates at lists.suse.com Fri Oct 28 07:53:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 09:53:09 +0200 (CEST) Subject: SUSE-CU-2022:2738-1: Security update of suse/sle15 Message-ID: <20221028075309.A4E01F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2738-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.631 Container Release : 4.22.631 Severity : critical Type : security References : 1202593 1204383 1204397 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-35252 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuild of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) The following package changes have been done: - container-suseconnect-2.3.0-150000.4.19.2 updated - libcurl4-7.60.0-150000.38.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated From sle-updates at lists.suse.com Fri Oct 28 08:13:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 10:13:38 +0200 (CEST) Subject: SUSE-CU-2022:2739-1: Security update of suse/sle15 Message-ID: <20221028081338.DE266F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2739-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.693 Container Release : 6.2.693 Severity : critical Type : security References : 1202593 1204383 1204397 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-35252 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3774-1 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Type: security Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuild of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) The following package changes have been done: - container-suseconnect-2.3.0-150000.4.19.2 updated - libcurl4-7.60.0-150000.38.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated From sle-updates at lists.suse.com Fri Oct 28 08:29:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 10:29:58 +0200 (CEST) Subject: SUSE-CU-2022:2740-1: Security update of suse/sle15 Message-ID: <20221028082958.EF0D5F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2740-1 Container Tags : suse/sle15:15.2 , 
suse/sle15:15.2.9.5.214 Container Release : 9.5.214 Severity : critical Type : security References : 1203911 1204137 1204383 1204397 1204690 CVE-2021-46848 CVE-2022-32221 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) The following package changes have been done: - container-suseconnect-2.3.0-150000.4.19.2 updated - libcurl4-7.66.0-150200.4.42.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - permissions-20181225-150200.23.20.1 updated From sle-updates at lists.suse.com Fri Oct 28 08:32:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 10:32:59 +0200 (CEST) Subject: SUSE-CU-2022:2741-1: Security update of bci/bci-minimal Message-ID: <20221028083259.AD3D3F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2741-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.32.15 Container Release : 32.15 Severity : important Type : security References : 1167864 1181961 1202812 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). 
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

The following package changes have been done:

- libgpg-error0-1.42-150300.9.3.1 updated
- container:micro-image-15.3.0-22.7 updated

From sle-updates at lists.suse.com Fri Oct 28 08:39:32 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:39:32 +0200 (CEST)
Subject: SUSE-CU-2022:2742-1: Security update of bci/nodejs
Message-ID: <20221028083932.0D0D5F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2742-1
Container Tags : bci/node:12 , bci/node:12-17.28 , bci/nodejs:12 , bci/nodejs:12-17.28
Container Release : 17.28
Severity : important
Type : security
References : 1167864 1181961 1202812 1203911 1204137 1204383 CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 CVE-2022-32221
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common at 87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master at 4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common at 7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

The following package changes have been done:

- libcurl4-7.66.0-150200.4.42.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- permissions-20181225-150200.23.20.1 updated
- container:sles15-image-15.0.0-17.20.56 updated

From sle-updates at lists.suse.com Fri Oct 28 08:45:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:45:30 +0200 (CEST)
Subject: SUSE-CU-2022:2743-1: Security update of bci/python
Message-ID: <20221028084530.B4ECEF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2743-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-20.4
Container Release : 20.4
Severity : critical
Type : security
References : 1167864 1181961 1202812 1203911 1204137 1204383 1204690 CVE-2020-10696 CVE-2021-20206 CVE-2021-46848 CVE-2022-2990 CVE-2022-32221
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build 
targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not commited * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not 
    supports dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: dont rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build,
    multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow resuing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow resuing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?'
    in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137
This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

The following package changes have been done:

- curl-7.66.0-150200.4.42.1 updated
- libcurl4-7.66.0-150200.4.42.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- permissions-20181225-150200.23.20.1 updated
- container:sles15-image-15.0.0-17.20.57 updated

From sle-updates at lists.suse.com Fri Oct 28 08:54:47 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:54:47 +0200 (CEST)
Subject: SUSE-CU-2022:2744-1: Security update of suse/sle15
Message-ID: <20221028085447.13E56F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2744-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.57 , suse/sle15:15.3 , suse/sle15:15.3.17.20.57
Container Release : 17.20.57
Severity : critical
Type : security
References : 1167864 1181961 1202812 1203911 1204137 1204383 1204397 1204690 CVE-2020-10696 CVE-2021-20206 CVE-2021-46848 CVE-2022-2990 CVE-2022-32221
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released: Wed Oct 26 11:38:01 2022
Summary: Security update for buildah
Type: security
Severity: important
References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990
This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?'
    in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to
    run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not commited
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not supports dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of
    compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: dont rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing
    last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow resuing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow resuing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky
    bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released: Wed Oct 26 12:19:29 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,CVE-2022-32221
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released: Wed Oct 26 14:06:43 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1203911,1204137
This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets.
  Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3781-1
Released: Wed Oct 26 17:50:44 2022
Summary: Security update for container-suseconnect
Type: security
Severity: moderate
References: 1204397
This update of container-suseconnect is a rebuild of the previous sources against the current security updated go compiler.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

The following package changes have been done:

- container-suseconnect-2.3.0-150000.4.19.2 updated
- curl-7.66.0-150200.4.42.1 updated
- libcurl4-7.66.0-150200.4.42.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- permissions-20181225-150200.23.20.1 updated

From sle-updates at lists.suse.com Fri Oct 28 08:56:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:56:11 +0200 (CEST)
Subject: SUSE-CU-2022:2745-1: Security update of suse/389-ds
Message-ID: <20221028085611.8C21AF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2745-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.23 , suse/389-ds:latest
Container Release : 17.23
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.8 updated

From sle-updates at lists.suse.com Fri Oct 28 08:57:30 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:57:30 +0200 (CEST)
Subject: SUSE-CU-2022:2746-1: Security update of bci/dotnet-aspnet
Message-ID: <20221028085730.6E2D6F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2746-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-42.12 , bci/dotnet-aspnet:3.1.30 , bci/dotnet-aspnet:3.1.30-42.12
Container Release : 42.12
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.7 updated

From sle-updates at lists.suse.com Fri Oct 28 08:58:55 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 10:58:55 +0200 (CEST)
Subject: SUSE-CU-2022:2747-1: Security update of bci/dotnet-aspnet
Message-ID: <20221028085855.30FCAF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2747-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.27 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.27
Container Release : 22.27
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.7 updated

From sle-updates at lists.suse.com Fri Oct 28 09:00:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 11:00:31 +0200 (CEST)
Subject: SUSE-CU-2022:2748-1: Security update of bci/dotnet-sdk
Message-ID: <20221028090031.40E0FFDD6@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2748-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-47.11 , bci/dotnet-sdk:3.1.30 , bci/dotnet-sdk:3.1.30-47.11
Container Release : 47.11
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

The following package changes have been done:

- libcurl4-7.79.1-150400.5.9.1 updated
- permissions-20201225-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.7 updated

From sle-updates at lists.suse.com Fri Oct 28 09:02:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Oct 2022 11:02:10 +0200 (CEST)
Subject: SUSE-CU-2022:2749-1: Security update of bci/dotnet-sdk
Message-ID: <20221028090210.3A7CEFDB8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2749-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.27 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.27
Container Release : 35.27
Severity : important
Type : security
References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 09:03:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:03:53 +0200 (CEST) Subject: SUSE-CU-2022:2750-1: Security update of bci/dotnet-sdk Message-ID: <20221028090353.7EE4AFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2750-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.27 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.27 Container Release : 24.27 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 09:05:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:05:33 +0200 (CEST) Subject: SUSE-CU-2022:2751-1: Security update of bci/dotnet-runtime Message-ID: <20221028090533.2D576FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2751-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-48.11 , bci/dotnet-runtime:3.1.30 , bci/dotnet-runtime:3.1.30-48.11 Container Release : 48.11 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 09:07:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:07:06 +0200 (CEST) Subject: SUSE-CU-2022:2752-1: Security update of bci/dotnet-runtime Message-ID: <20221028090706.3DF0FFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2752-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.27 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.27 Container Release : 34.27 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 09:08:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:08:26 +0200 (CEST) Subject: SUSE-CU-2022:2753-1: Security update of bci/dotnet-runtime Message-ID: <20221028090826.41A98FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2753-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.27 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.27 Container Release : 21.27 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 09:10:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:10:40 +0200 (CEST) Subject: SUSE-CU-2022:2754-1: Security update of bci/golang Message-ID: <20221028091040.60286FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2754-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.67 Container Release : 30.67 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 09:13:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:13:02 +0200 (CEST) Subject: SUSE-CU-2022:2755-1: Security update of bci/golang Message-ID: <20221028091302.DB7C6FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2755-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.67 Container Release : 29.67 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 09:14:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:14:54 +0200 (CEST) Subject: SUSE-CU-2022:2756-1: Security update of bci/golang Message-ID: <20221028091454.74613FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2756-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.13 Container Release : 18.13 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 09:16:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 11:16:28 +0200 (CEST) Subject: SUSE-CU-2022:2757-1: Security update of bci/bci-init Message-ID: <20221028091628.7822CFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2757-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.13 , bci/bci-init:latest Container Release : 24.13 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:12:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:12:25 +0200 (CEST) Subject: SUSE-CU-2022:2757-1: Security update of bci/bci-init Message-ID: <20221028101225.62EC8FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2757-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.13 , bci/bci-init:latest Container Release : 24.13 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:12:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:12:28 +0200 (CEST) Subject: SUSE-CU-2022:2759-1: Security update of bci/bci-init Message-ID: <20221028101228.BEA55FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2759-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.14 , bci/bci-init:latest Container Release : 24.14 Severity : important Type : security References : 1087072 1204111 1204112 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). 
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - libdbus-1-3-1.12.2-150400.18.5.1 updated - dbus-1-1.12.2-150400.18.5.1 updated From sle-updates at lists.suse.com Fri Oct 28 10:13:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:13:52 +0200 (CEST) Subject: SUSE-CU-2022:2760-1: Security update of bci/nodejs Message-ID: <20221028101352.D2066FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2760-1 Container Tags : bci/node:14 , bci/node:14-35.11 , bci/nodejs:14 , bci/nodejs:14-35.11 Container Release : 35.11 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:14:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:14:48 +0200 (CEST) Subject: SUSE-CU-2022:2761-1: Security update of bci/nodejs Message-ID: <20221028101448.66AB2FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2761-1 Container Tags : bci/node:16 , bci/node:16-11.11 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-11.11 , bci/nodejs:latest Container Release : 11.11 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:17:39 +0200 (CEST) Subject: SUSE-CU-2022:2762-1: Security update of bci/openjdk-devel Message-ID: <20221028101739.A5138FDD6@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2762-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-36.22 , bci/openjdk-devel:latest Container Release : 36.22 Severity : critical Type : security References : 1194047 1203911 1204383 1204386 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - container:bci-openjdk-11-15.4-32.11 updated From sle-updates at lists.suse.com Fri Oct 28 10:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:18:43 +0200 (CEST) Subject: SUSE-SU-2022:3807-1: important: Security update for libconfuse0 Message-ID: <20221028101843.DD980FDD7@maintenance.suse.de> SUSE Security Update: Security update for libconfuse0 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3807-1 Rating: important References: #1203326 Cross-References: CVE-2022-40320 CVSS scores: CVE-2022-40320 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-40320 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libconfuse0 fixes the following issues: - CVE-2022-40320: Fixed a heap-based buffer over-read in cfg_tilde_expand in confuse.c (bsc#1203326). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3807=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3807=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3807=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3807=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3807=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3807=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - openSUSE Leap 15.4 (noarch): libconfuse0-lang-2.8-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - openSUSE Leap 15.3 (noarch): libconfuse0-lang-2.8-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (ppc64le s390x): libconfuse-devel-2.8-150000.3.3.1 
libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): libconfuse0-lang-2.8-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libconfuse0-lang-2.8-150000.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libconfuse-devel-2.8-150000.3.3.1 
libconfuse0-2.8-150000.3.3.1 libconfuse0-debuginfo-2.8-150000.3.3.1 libconfuse0-debugsource-2.8-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-40320.html https://bugzilla.suse.com/1203326 From sle-updates at lists.suse.com Fri Oct 28 10:19:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:19:44 +0200 (CEST) Subject: SUSE-CU-2022:2763-1: Security update of suse/pcp Message-ID: <20221028101944.19002FDD7@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2763-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.38 , suse/pcp:latest Container Release : 11.38 Severity : important Type : security References : 1087072 1194047 1203911 1204111 1204112 1204113 1204383 1204386 CVE-2022-32221 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42916 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). 
The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - container:bci-bci-init-15.4-15.4-24.14 updated From sle-updates at lists.suse.com Fri Oct 28 10:20:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:20:52 +0200 (CEST) Subject: SUSE-CU-2022:2764-1: Security update of bci/python Message-ID: <20221028102052.719D5FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2764-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-7.11 , bci/python:latest Container Release : 7.11 Severity : critical Type : security References : 1194047 1203911 1204383 1204386 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - curl-7.79.1-150400.5.9.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:22:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:22:12 +0200 (CEST) Subject: SUSE-CU-2022:2765-1: Security update of bci/python Message-ID: <20221028102212.40C3EFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2765-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-30.11 Container Release : 30.11 Severity : critical Type : security References : 1194047 1203911 1204383 1204386 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - curl-7.79.1-150400.5.9.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:24:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:24:25 +0200 (CEST) Subject: SUSE-CU-2022:2766-1: Security update of bci/ruby Message-ID: <20221028102425.97EC0FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2766-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.9 , bci/ruby:latest Container Release : 31.9 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - curl-7.79.1-150400.5.9.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 10:25:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:25:56 +0200 (CEST) Subject: SUSE-CU-2022:2767-1: Security update of bci/rust Message-ID: <20221028102556.08829FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID 
: SUSE-CU-2022:2767-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.77 Container Release : 9.77 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:27:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:27:18 +0200 (CEST) Subject: SUSE-CU-2022:2768-1: Security update of bci/rust Message-ID: <20221028102718.E030AFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2768-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-6.17 Container Release : 6.17 Severity : important Type : security References : 
1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:28:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:28:36 +0200 (CEST) Subject: SUSE-CU-2022:2769-1: Security update of bci/rust Message-ID: <20221028102836.2FF8AFDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2769-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-7.17 Container Release : 7.17 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/rust 
was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.8 updated From sle-updates at lists.suse.com Fri Oct 28 10:29:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:29:36 +0200 (CEST) Subject: SUSE-CU-2022:2770-1: Security update of bci/rust Message-ID: <20221028102936.52819FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2770-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-3.16 , bci/rust:latest Container Release : 3.16 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 10:29:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:29:53 +0200 (CEST) Subject: SUSE-CU-2022:2771-1: Security update of bci/rust Message-ID: <20221028102953.A9940FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2771-1 Container Tags : bci/rust:1.63 , bci/rust:1.63-3.9 , bci/rust:latest Container Release : 3.9 Severity : important Type : security References : 1194047 1203911 1204383 1204386 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.7 updated From sle-updates at lists.suse.com Fri Oct 28 10:31:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Oct 2022 12:31:22 +0200 (CEST) Subject: SUSE-CU-2022:2772-1: Security update of suse/sle15 Message-ID: <20221028103122.85C3BFDB8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2772-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.8 , suse/sle15:15.4 , suse/sle15:15.4.27.14.8 Container Release : 27.14.8 Severity : critical Type : security References : 1194047 1203911 1204383 1204386 1204397 1204690 CVE-2021-46848 CVE-2022-32221 CVE-2022-42916 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuild of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) The following package changes have been done: - container-suseconnect-2.3.0-150000.4.19.2 updated - curl-7.79.1-150400.5.9.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - permissions-20201225-150400.5.16.1 updated From sle-updates at lists.suse.com Sat Oct 29 07:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Oct 2022 09:19:17 +0200 (CEST) Subject: SUSE-CU-2022:2774-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221029071917.45D0DF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2774-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.21 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.21 Severity : important Type : security References : 1087072 1204111 1204112 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - dbus-1-1.12.2-150400.18.5.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated From sle-updates at lists.suse.com Sat Oct 29 07:21:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Oct 2022 09:21:21 +0200 (CEST) Subject: SUSE-CU-2022:2775-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221029072121.7E8E7F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2775-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.303 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.303 Severity : important Type : security References : 1087072 1204111 1204112 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - dbus-1-1.12.2-150100.8.14.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated From sle-updates at lists.suse.com Sat Oct 29 07:22:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 29 Oct 2022 09:22:51 +0200 (CEST) Subject: SUSE-CU-2022:2776-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221029072251.EC62DF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2776-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.124 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.124 Severity : important Type : security References : 1087072 1204111 1204112 1204113 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3805-1 Released: Thu Oct 27 17:19:46 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). The following package changes have been done: - dbus-1-1.12.2-150100.8.14.1 updated - libdbus-1-3-1.12.2-150100.8.14.1 updated From sle-updates at lists.suse.com Mon Oct 31 14:24:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:24:31 +0100 (CET) Subject: SUSE-SU-2022:3809-1: important: Security update for the Linux Kernel Message-ID: <20221031142431.0F4F2FDB8@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3809-1 Rating: important References: #1023051 #1065729 #1152489 #1156395 #1177471 #1179722 #1179723 #1181862 #1185032 #1191662 #1191667 #1191881 #1192594 #1194023 #1194272 #1194535 #1196444 #1197158 #1197659 #1197755 #1197756 #1197757 #1197760 #1197763 #1197920 #1198971 #1199291 #1200288 #1200313 #1200431 #1200622 #1200845 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1201019 #1201309 #1201310 #1201420 #1201489 #1201610 #1201705 #1201726 #1201865 #1201948 #1201990 #1202095 #1202096 #1202097 #1202341 #1202346 #1202347 #1202385 #1202393 #1202396 #1202447 #1202577 #1202636 #1202638 
#1202672 #1202677 #1202701 #1202708 #1202709 #1202710 #1202711 #1202712 #1202713 #1202714 #1202715 #1202716 #1202717 #1202718 #1202720 #1202722 #1202745 #1202756 #1202810 #1202811 #1202860 #1202895 #1202898 #1202960 #1202984 #1203063 #1203098 #1203107 #1203117 #1203135 #1203136 #1203137 #1203159 #1203290 #1203389 #1203410 #1203424 #1203514 #1203552 #1203622 #1203737 #1203769 #1203770 #1203802 #1203906 #1203909 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 PED-529 SLE-24635 Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-27784 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2503 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-3169 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 (SUSE): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 32 vulnerabilities, contains two features and has 84 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (bnc#1177471).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677).
- CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer to another table (bsc#1202095).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link disconnect (bnc#1203290).
- CVE-2022-32296: Fixed issue where TCP servers were able to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver (bnc#1203552).
- CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to stex_queuecommand_lck lacking a memset for the PASSTHRU_CMD case (bnc#1203514).
- CVE-2022-41218: Fixed a use-after-free due to refcount races at releasing (bsc#1202960).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987).
- CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051).
- CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059).
- CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device (bsc#1204125).

The following non-security bugs were fixed:

- Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- acpi: LPSS: Fix missing check in register_device_clock() (git-fixes).
- acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- acpi: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802).
- acpi: processor: Remove freq Qos request for all CPUs (git-fixes).
- acpi: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- acpi: video: Force backlight native for some TongFang devices (git-fixes).
- alsa: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- alsa: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- alsa: hda/cirrus - support for iMac 12,1 model (git-fixes).
- alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- alsa: hda/realtek: Add quirk for HP Dev One (git-fixes).
- alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- alsa: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- alsa: hda/realtek: Re-arrange quirk table entries (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- alsa: info: Fix llseek return value when using callback (git-fixes).
- alsa: seq: Fix data-race at module auto-loading (git-fixes).
- alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- alsa: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- alsa: usb-audio: Inform the delayed registration more properly (git-fixes).
- alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- alsa: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- alsa: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- alsa: usb-audio: fix spelling mistakes (git-fixes).
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- asoc: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- asoc: codecs: da7210: add check for i2c_add_driver (git-fixes).
- asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- asoc: tas2770: Allow mono streams (git-fixes).
- asoc: tas2770: Reinit regcache on reset (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- hid: ishtp-hid-client: Fix comment typo (git-fixes).
- hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- hid: wacom: Do not register pad_input for touch switch (git-fixes).
- hid: wacom: Only report rotation for art pen (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- input: rk805-pwrkey - fix module autoloading (git-fixes).
- input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- jfs: fix GPF in diFree (bsc#1203389).
- jfs: fix memleak in jfs_mount (git-fixes).
- jfs: more checks for invalid superblock (git-fixes).
- jfs: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kabi: cgroup: Restore KABI of css_set (bsc#1201610).
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals.
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- kvm: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- kvm: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- kvm: x86: accept userspace interrupt only if no event is injected (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add "list_del_init_careful()" to go with "list_empty_careful()" (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md-raid10: fix KASAN warning (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro
  This should be always used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfs: fix nfs_path in case of a rename retry (git-fixes).
- nfsd: Add missing NFSv2 .pc_func methods (git-fixes).
- nfsd: Clamp WRITE offsets (git-fixes).
- nfsd: Fix offset type in I/O trace points (git-fixes).
- nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nfsd: prevent integer overflow on 32 bit systems (git-fixes).
- nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- nfsv4: Fix races in the legacy idmapper upcall (git-fixes).
- nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes).
- pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- pci: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- pci: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- profiling: fix shift too large makes kernel panic (git-fixes).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). 
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). 
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - silence nfscache allocation warnings with kvzalloc (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). 
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - sunrpc: Clean up scheduling of autoclose (git-fixes). - sunrpc: Do not call connect() more than once on a TCP socket (git-fixes). - sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - sunrpc: Do not leak sockets in xs_local_connect() (git-fixes). - sunrpc: Fix READ_PLUS crasher (git-fixes). - sunrpc: Fix misplaced barrier in call_decode (git-fixes). - sunrpc: Prevent immediate close+reconnect (git-fixes). - sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes). - sunrpc: Reinitialise the backchannel request buffers before reuse (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). 
- tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - usb: core: Fix RST error in hub.c (git-fixes). - usb: core: Prevent nested device-reset calls (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: ep0: Fix delay status handling (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - usb: dwc3: gadget: Remove unnecessary checks (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Store resource index of start cmd (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings. - usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes). 
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: otg-fsm: Fix hrtimer list corruption (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: serial: ch341: fix disabled rx timer on older devices (git-fixes). - usb: serial: ch341: fix lost character on LCR updates (git-fixes). - usb: serial: ch341: name prescaler, divisor registers (git-fixes). - usb: serial: cp210x: add Decagon UCA device id (git-fixes). - usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - usb: serial: option: add Quectel EM060K modem (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add Quectel RM520N (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - usb: serial: option: add support for OPPO R11 diag port (git-fixes). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes). - usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes). - usb: xhci-mtk: add some schedule error number (git-fixes). - usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes). - usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes). - usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). 
- vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - vmci: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - vmci: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - vmci: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). 
- vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). 
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3809=1

   - SUSE Linux Enterprise Module for Realtime 15-SP3:

      zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-3809=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3809=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3809=1

Package List:

   - openSUSE Leap Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.106.1
      kernel-rt-debuginfo-5.3.18-150300.106.1
      kernel-rt-debugsource-5.3.18-150300.106.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):

      kernel-devel-rt-5.3.18-150300.106.1
      kernel-source-rt-5.3.18-150300.106.1

   - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):

      cluster-md-kmp-rt-5.3.18-150300.106.1
      cluster-md-kmp-rt-debuginfo-5.3.18-150300.106.1
      dlm-kmp-rt-5.3.18-150300.106.1
      dlm-kmp-rt-debuginfo-5.3.18-150300.106.1
      gfs2-kmp-rt-5.3.18-150300.106.1
      gfs2-kmp-rt-debuginfo-5.3.18-150300.106.1
      kernel-rt-5.3.18-150300.106.1
      kernel-rt-debuginfo-5.3.18-150300.106.1
      kernel-rt-debugsource-5.3.18-150300.106.1
      kernel-rt-devel-5.3.18-150300.106.1
      kernel-rt-devel-debuginfo-5.3.18-150300.106.1
      kernel-rt_debug-debuginfo-5.3.18-150300.106.1
      kernel-rt_debug-debugsource-5.3.18-150300.106.1
      kernel-rt_debug-devel-5.3.18-150300.106.1
      kernel-rt_debug-devel-debuginfo-5.3.18-150300.106.1
      kernel-syms-rt-5.3.18-150300.106.1
      ocfs2-kmp-rt-5.3.18-150300.106.1
      ocfs2-kmp-rt-debuginfo-5.3.18-150300.106.1

   - SUSE Linux Enterprise Micro 5.2 (x86_64):

      kernel-rt-5.3.18-150300.106.1
      kernel-rt-debuginfo-5.3.18-150300.106.1
      kernel-rt-debugsource-5.3.18-150300.106.1

   - SUSE Linux Enterprise Micro 5.1 (x86_64):

      kernel-rt-5.3.18-150300.106.1
      kernel-rt-debuginfo-5.3.18-150300.106.1
      kernel-rt-debugsource-5.3.18-150300.106.1

References:

   https://www.suse.com/security/cve/CVE-2016-3695.html
   https://www.suse.com/security/cve/CVE-2020-16119.html
   https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2021-4155.html https://www.suse.com/security/cve/CVE-2021-4203.html https://www.suse.com/security/cve/CVE-2022-20368.html https://www.suse.com/security/cve/CVE-2022-20369.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-26373.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-2905.html https://www.suse.com/security/cve/CVE-2022-2977.html https://www.suse.com/security/cve/CVE-2022-3028.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-36879.html https://www.suse.com/security/cve/CVE-2022-39188.html https://www.suse.com/security/cve/CVE-2022-39190.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1023051 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1179722 https://bugzilla.suse.com/1179723 https://bugzilla.suse.com/1181862 https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1191662 https://bugzilla.suse.com/1191667 https://bugzilla.suse.com/1191881 https://bugzilla.suse.com/1192594 
https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194272 https://bugzilla.suse.com/1194535 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1197158 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197760 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1197920 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1199291 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1200313 https://bugzilla.suse.com/1200431 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1200868 https://bugzilla.suse.com/1200869 https://bugzilla.suse.com/1200870 https://bugzilla.suse.com/1200871 https://bugzilla.suse.com/1200872 https://bugzilla.suse.com/1200873 https://bugzilla.suse.com/1201019 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201420 https://bugzilla.suse.com/1201489 https://bugzilla.suse.com/1201610 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201726 https://bugzilla.suse.com/1201865 https://bugzilla.suse.com/1201948 https://bugzilla.suse.com/1201990 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202096 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1202346 https://bugzilla.suse.com/1202347 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202393 https://bugzilla.suse.com/1202396 https://bugzilla.suse.com/1202447 https://bugzilla.suse.com/1202577 https://bugzilla.suse.com/1202636 https://bugzilla.suse.com/1202638 https://bugzilla.suse.com/1202672 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202701 https://bugzilla.suse.com/1202708 https://bugzilla.suse.com/1202709 https://bugzilla.suse.com/1202710 https://bugzilla.suse.com/1202711 https://bugzilla.suse.com/1202712 https://bugzilla.suse.com/1202713 
https://bugzilla.suse.com/1202714 https://bugzilla.suse.com/1202715 https://bugzilla.suse.com/1202716 https://bugzilla.suse.com/1202717 https://bugzilla.suse.com/1202718 https://bugzilla.suse.com/1202720 https://bugzilla.suse.com/1202722 https://bugzilla.suse.com/1202745 https://bugzilla.suse.com/1202756 https://bugzilla.suse.com/1202810 https://bugzilla.suse.com/1202811 https://bugzilla.suse.com/1202860 https://bugzilla.suse.com/1202895 https://bugzilla.suse.com/1202898 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1202984 https://bugzilla.suse.com/1203063 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203117 https://bugzilla.suse.com/1203135 https://bugzilla.suse.com/1203136 https://bugzilla.suse.com/1203137 https://bugzilla.suse.com/1203159 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203622 https://bugzilla.suse.com/1203737 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203909 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 From sle-updates at lists.suse.com Mon Oct 31 14:34:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:34:40 +0100 (CET) Subject: SUSE-RU-2022:3813-1: moderate: Recommended update for supportutils-plugin-ha-sap Message-ID: <20221031143440.6EFFEFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ha-sap 
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3813-1
Rating:             moderate
References:         #1203202
Affected Products:
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for supportutils-plugin-ha-sap fixes the following issues:

   - Update to version 0.0.4
   - fix basic support for saptune
   - add saptune version 3 awareness and add a hint for the new saptune supportconfig (bsc#1203202)
   - change release status of the project

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 12-SP5:

      zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-3813=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3813=1

Package List:

   - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch):

      supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-1.12.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):

      supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-1.12.1

References:

   https://bugzilla.suse.com/1203202

From sle-updates at lists.suse.com Mon Oct 31 14:35:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2022 15:35:23 +0100 (CET)
Subject: SUSE-SU-2022:3810-1: important: Security update for the Linux Kernel
Message-ID: <20221031143523.6E4B2FDB8@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3810-1
Rating:             important
References:         #1032323 #1124235 #1129770 #1154048 #1190317 #1199564 #1201309 #1202385 #1202677 #1202960 #1203142
                    #1203198 #1203254 #1203290 #1203322 #1203410 #1203424 #1203462 #1203514 #1203552 #1203769 #1203802 #1203935 #1203987 #1204166
Cross-References:   CVE-2022-20008 CVE-2022-2503 CVE-2022-3169 CVE-2022-3239 CVE-2022-3303 CVE-2022-3424 CVE-2022-40307 CVE-2022-40768 CVE-2022-41218 CVE-2022-41848
CVSS scores:
                    CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

   An update that solves 10 vulnerabilities and has 15 fixes is now available.

Description:

   The SUSE Linux Enterprise 12 SP5 kernel rt was updated.
   The following security bugs were fixed:

- CVE-2022-40768: Fixed an information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that could allow a local user to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug that allowed reading kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2022-40307: Fixed a race condition that could have been exploited to trigger a use-after-free in the efi firmware capsule-loader.c. (bnc#1203322)
- CVE-2022-3424: Fixed a use-after-free in gru_set_context_option which was leading to kernel panic.
  (bsc#1204166)

   The following non-security bugs were fixed:

- ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bnc#1203802).
- ACPI: processor_idle: Skip dummy wait if kernel is in guest (bnc#1203802).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- cifs: alloc_mid function should be marked as static (bsc#1190317).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1190317).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1190317).
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- cifs: clean up an inconsistent indenting (bsc#1190317).
- cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1190317).
- cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1190317).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1190317).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1190317).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- cifs: fix handlecache and multiuser (bsc#1190317).
- cifs: fix lock length calculation (bsc#1190317).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1190317).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1190317).
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (bsc#1190317).
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1190317).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1190317).
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1190317).
- cifs: mark sessions for reconnection in helper function (bsc#1190317).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1190317).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1190317).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1190317).
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- cifs: potential buffer overflow in handling symlinks (bsc#1190317).
- cifs: prevent bad output lengths in smb2_ioctl_query_info() (bsc#1190317).
- cifs: release cached dentries only if mount is complete (bsc#1190317).
- cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1190317).
- cifs: remove check of list iterator against head past the loop body (bsc#1190317).
- cifs: remove minor build warning (bsc#1190317).
- cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1190317).
- cifs: remove remaining build warnings (bsc#1190317).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1190317).
- cifs: remove some camelCase and also some static build warnings (bsc#1190317).
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1190317).
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1190317).
- cifs: return errors during session setup during reconnects (bsc#1190317).
- cifs: return the more nuanced writeback error on close() (bsc#1190317).
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1190317).
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- cifs: smbd: fix typo in comment (bsc#1190317).
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1190317).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1190317).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1190317).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1190317).
- dm: thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1203462).
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- Input: iforce - constify usb_device_id and fix space before '[' error (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro
  This should always be used with @SOURCES@, just include the content there.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- powerpc: Use device_type helpers to access the node type (bsc#1203424 ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203254 LTC#199911).
- s390/guarded storage: simplify task exit handling (bsc#1203254 LTC#199911).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203142 LTC#199883).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (bsc#1203198 LTC#199898).
- scsi: ch: Make it possible to open a ch device multiple times again (git-fixes).
- scsi: core: Avoid that a kernel warning appears during system resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning (git-fixes).
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (git-fixes).
- scsi: lpfc: Check the return value of alloc_workqueue() (git-fixes).
- scsi: mpt3sas: Do not call disable_irq from IRQ poll handler (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (git-fixes).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- smb3: check for null tcon (bsc#1190317).
- smb3: check xattr value length earlier (bsc#1190317).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1190317).
- smb3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1190317).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
  Backporting notes:
  * context changes
  * config update
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support.
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- USB: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: Fix memory leak in usbnet_disconnect() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
  Backporting notes:
  * context changes
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still be possible to do so that the mitigation can still be disabled on Intel who do not use the return thunks but IBRS.
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xhci: bail out early if driver can't accress host in resume (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-3810=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.103.1 kernel-source-rt-4.12.14-10.103.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.103.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.103.1 dlm-kmp-rt-4.12.14-10.103.1 dlm-kmp-rt-debuginfo-4.12.14-10.103.1 gfs2-kmp-rt-4.12.14-10.103.1 gfs2-kmp-rt-debuginfo-4.12.14-10.103.1 kernel-rt-4.12.14-10.103.1 kernel-rt-base-4.12.14-10.103.1 kernel-rt-base-debuginfo-4.12.14-10.103.1 kernel-rt-debuginfo-4.12.14-10.103.1 kernel-rt-debugsource-4.12.14-10.103.1 kernel-rt-devel-4.12.14-10.103.1 kernel-rt-devel-debuginfo-4.12.14-10.103.1 kernel-rt_debug-4.12.14-10.103.1 kernel-rt_debug-debuginfo-4.12.14-10.103.1 kernel-rt_debug-debugsource-4.12.14-10.103.1 kernel-rt_debug-devel-4.12.14-10.103.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.103.1 kernel-syms-rt-4.12.14-10.103.1 ocfs2-kmp-rt-4.12.14-10.103.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.103.1 References: https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41848.html https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1124235 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1154048 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 
https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1203142 https://bugzilla.suse.com/1203198 https://bugzilla.suse.com/1203254 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203462 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1204166 From sle-updates at lists.suse.com Mon Oct 31 14:38:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:38:06 +0100 (CET) Subject: SUSE-RU-2022:3815-1: moderate: Recommended update for sudo Message-ID: <20221031143806.537BAFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3815-1 Rating: moderate References: #1177578 #1201462 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sudo fixes the following issues: - Ignore entries when converting LDAP to sudoers. Prevents empty host list being treated as "ALL" wildcard (bsc#1201462) - Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3815=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3815=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.23.1 sudo-debugsource-1.8.27-4.23.1 sudo-devel-1.8.27-4.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.23.1 sudo-debuginfo-1.8.27-4.23.1 sudo-debugsource-1.8.27-4.23.1 References: https://bugzilla.suse.com/1177578 https://bugzilla.suse.com/1201462 From sle-updates at lists.suse.com Mon Oct 31 14:39:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:39:34 +0100 (CET) Subject: SUSE-RU-2022:3812-1: moderate: Recommended update for sudo Message-ID: <20221031143934.22F07FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3812-1 Rating: moderate References: #1177578 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3812=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3812=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3812=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.3.1 sudo-debuginfo-1.9.9-150400.4.3.1 sudo-debugsource-1.9.9-150400.4.3.1 sudo-devel-1.9.9-150400.4.3.1 sudo-plugin-python-1.9.9-150400.4.3.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.3.1 sudo-test-1.9.9-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.3.1 sudo-debuginfo-1.9.9-150400.4.3.1 sudo-debugsource-1.9.9-150400.4.3.1 sudo-devel-1.9.9-150400.4.3.1 sudo-plugin-python-1.9.9-150400.4.3.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): sudo-1.9.9-150400.4.3.1 sudo-debuginfo-1.9.9-150400.4.3.1 sudo-debugsource-1.9.9-150400.4.3.1 References: https://bugzilla.suse.com/1177578 From sle-updates at lists.suse.com Mon Oct 31 14:40:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:40:52 +0100 (CET) Subject: SUSE-SU-2022:3817-1: critical: Security update for libtasn1 Message-ID: <20221031144052.19A34FDB8@maintenance.suse.de> SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3817-1 Rating: critical References: #1204690 Cross-References: CVE-2021-46848 CVSS scores: CVE-2021-46848 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-46848 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: 
SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3817=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3817=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3817=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3817=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3817=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3817=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3817=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libtasn1-4.9-3.13.1 libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 - SUSE OpenStack Cloud 9 (x86_64): libtasn1-4.9-3.13.1 libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 
libtasn1-debugsource-4.9-3.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 libtasn1-devel-4.9-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libtasn1-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtasn1-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libtasn1-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libtasn1-4.9-3.13.1 libtasn1-6-32bit-4.9-3.13.1 libtasn1-6-4.9-3.13.1 libtasn1-6-debuginfo-32bit-4.9-3.13.1 libtasn1-6-debuginfo-4.9-3.13.1 libtasn1-debuginfo-4.9-3.13.1 libtasn1-debugsource-4.9-3.13.1 References: https://www.suse.com/security/cve/CVE-2021-46848.html https://bugzilla.suse.com/1204690 From sle-updates at lists.suse.com Mon Oct 31 14:41:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:41:42 +0100 (CET) Subject: SUSE-RU-2022:3811-1: moderate: Recommended update for ovmf Message-ID: <20221031144142.12DAFFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for ovmf ______________________________________________________________________________ Announcement ID: 
SUSE-RU-2022:3811-1 Rating: moderate References: #1199156 #1203825 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ovmf fixes the following issues: - Disable option ROM on sev (bsc#1199156) - Fix detection issue of NVME controller (bsc#1203825) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3811=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3811=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3811=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): ovmf-202202-150400.5.5.1 ovmf-tools-202202-150400.5.5.1 - openSUSE Leap 15.4 (x86_64): qemu-ovmf-x86_64-debug-202202-150400.5.5.1 - openSUSE Leap 15.4 (noarch): qemu-ovmf-ia32-202202-150400.5.5.1 qemu-ovmf-x86_64-202202-150400.5.5.1 qemu-uefi-aarch32-202202-150400.5.5.1 qemu-uefi-aarch64-202202-150400.5.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 x86_64): ovmf-202202-150400.5.5.1 ovmf-tools-202202-150400.5.5.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): qemu-ovmf-x86_64-202202-150400.5.5.1 qemu-uefi-aarch64-202202-150400.5.5.1 - SUSE Linux Enterprise Micro 5.3 (noarch): qemu-ovmf-x86_64-202202-150400.5.5.1 
qemu-uefi-aarch64-202202-150400.5.5.1 References: https://bugzilla.suse.com/1199156 https://bugzilla.suse.com/1203825 From sle-updates at lists.suse.com Mon Oct 31 14:42:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:42:37 +0100 (CET) Subject: SUSE-RU-2022:3814-1: moderate: Recommended update for sapstartsrv-resource-agents and supportutils-plugin-ha-sap Message-ID: <20221031144237.B2C00FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for sapstartsrv-resource-agents and supportutils-plugin-ha-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3814-1 Rating: moderate References: #1203202 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for sapstartsrv-resource-agents and supportutils-plugin-ha-sap fixes the following issues: sapstartsrv-resource-agents: - Version bump to 0.9.1 - man page updates based on customer feedback - remove 'BuildRequire python3-mock' as this is no longer needed for the tests supportutils-plugin-ha-sap: - Update to version 0.0.4 - fix basic support for saptune - add saptune version 3 awareness and add a hint for the new saptune supportconfig (bsc#1203202) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3814=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3814=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-3814=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-3814=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-3814=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-3814=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-3814=1 Package List: - openSUSE Leap 15.4 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - openSUSE Leap 15.3 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 
supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): sapstartsrv-resource-agents-0.9.1+git.1663751963.e0ef8a2-150000.1.15.1 supportutils-plugin-ha-sap-0.0.4+git.1663763480.2bbd713-150000.1.12.1 References: https://bugzilla.suse.com/1203202 From sle-updates at lists.suse.com Mon Oct 31 14:44:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 31 Oct 2022 15:44:31 +0100 (CET) Subject: SUSE-RU-2022:3816-1: moderate: Recommended update for sudo Message-ID: <20221031144431.2B12CFDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3816-1 Rating: moderate References: #1201462 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE 
Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - Ignore entries when converting LDAP to sudoers. Prevents empty host list being treated as "ALL" wildcard. (bsc#1201462) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3816=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3816=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3816=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3816=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3816=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3816=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3816=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3816=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3816=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3816=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t 
patch SUSE-SLE-Product-SLES-15-2022-3816=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3816=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3816=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3816=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3816=1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3816=1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3816=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-3816=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2022-3816=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Manager Server 4.1 (ppc64le s390x x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Manager Retail Branch Server 4.1 (x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Manager Proxy 4.1 (x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Enterprise Storage 7 (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1
   - SUSE CaaS Platform 4.0 (x86_64):
      sudo-1.8.27-150000.4.27.1
      sudo-debuginfo-1.8.27-150000.4.27.1
      sudo-debugsource-1.8.27-150000.4.27.1
      sudo-devel-1.8.27-150000.4.27.1

References:

   https://bugzilla.suse.com/1201462

From sle-updates at lists.suse.com Mon Oct 31 17:19:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2022 18:19:20 +0100 (CET)
Subject: SUSE-RU-2022:3818-1: important: Recommended update for rabbitmq-server
Message-ID: <20221031171920.D0628FDB8@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for rabbitmq-server
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:3818-1
Rating:             important
References:         #1199431
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for rabbitmq-server fixes the following issues:

   - Ensure maintenance mode state table exists after node [re]boot (bsc#1199431)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3818=1
   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3818=1
   - SUSE Linux Enterprise Module for Server Applications 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3818=1
   - SUSE Linux Enterprise Module for Server Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3818=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      erlang-rabbitmq-client-3.8.11-150300.3.6.1
      rabbitmq-server-3.8.11-150300.3.6.1
      rabbitmq-server-plugins-3.8.11-150300.3.6.1
   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      erlang-rabbitmq-client-3.8.11-150300.3.6.1
      rabbitmq-server-3.8.11-150300.3.6.1
      rabbitmq-server-plugins-3.8.11-150300.3.6.1
   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
      erlang-rabbitmq-client-3.8.11-150300.3.6.1
      rabbitmq-server-3.8.11-150300.3.6.1
      rabbitmq-server-plugins-3.8.11-150300.3.6.1
   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
      erlang-rabbitmq-client-3.8.11-150300.3.6.1
      rabbitmq-server-3.8.11-150300.3.6.1
      rabbitmq-server-plugins-3.8.11-150300.3.6.1

References:

   https://bugzilla.suse.com/1199431

From sle-updates at lists.suse.com Mon Oct 31 17:20:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2022 18:20:07 +0100 (CET)
Subject: SUSE-SU-2022:3819-1: moderate: Security update for podman
Message-ID: <20221031172007.D2EF2FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for podman
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3819-1
Rating:             moderate
References:         #1202809
Cross-References:   CVE-2022-2989
CVSS scores:
                    CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Containers 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Linux Enterprise Storage 7.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap 15.3
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for podman fixes the following issues:

   - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3819=1
   - openSUSE Leap 15.3:
      zypper in -t patch openSUSE-SLE-15.3-2022-3819=1
   - SUSE Linux Enterprise Module for Containers 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3819=1
   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3819=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3819=1
   - SUSE Enterprise Storage 7.1:
      zypper in -t patch SUSE-Storage-7.1-2022-3819=1

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      podman-3.4.7-150300.9.12.1
      podman-debuginfo-3.4.7-150300.9.12.1
   - openSUSE Leap Micro 5.2 (noarch):
      podman-cni-config-3.4.7-150300.9.12.1
   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
      podman-3.4.7-150300.9.12.1
   - openSUSE Leap 15.3 (noarch):
      podman-cni-config-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
      podman-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch):
      podman-cni-config-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      podman-3.4.7-150300.9.12.1
      podman-debuginfo-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Micro 5.2 (noarch):
      podman-cni-config-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      podman-3.4.7-150300.9.12.1
   - SUSE Linux Enterprise Micro 5.1 (noarch):
      podman-cni-config-3.4.7-150300.9.12.1
   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):
      podman-3.4.7-150300.9.12.1
      podman-debuginfo-3.4.7-150300.9.12.1

References:

   https://www.suse.com/security/cve/CVE-2022-2989.html
   https://bugzilla.suse.com/1202809

From sle-updates at lists.suse.com Mon Oct 31 17:20:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 31 Oct 2022 18:20:54 +0100 (CET)
Subject: SUSE-SU-2022:3820-1: moderate: Security update for podman
Message-ID: <20221031172054.B0513FDB8@maintenance.suse.de>

   SUSE Security Update: Security update for podman
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3820-1
Rating:             moderate
References:         #1202809
Cross-References:   CVE-2022-2989
CVSS scores:
                    CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Containers 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for podman fixes the following issues:

   - CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2022-3820=1
   - SUSE Linux Enterprise Module for Containers 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3820=1
   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2022-3820=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      podman-3.4.7-150400.4.6.1
      podman-debuginfo-3.4.7-150400.4.6.1
      podman-remote-3.4.7-150400.4.6.1
      podman-remote-debuginfo-3.4.7-150400.4.6.1
   - openSUSE Leap 15.4 (noarch):
      podman-cni-config-3.4.7-150400.4.6.1
      podman-docker-3.4.7-150400.4.6.1
   - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
      podman-3.4.7-150400.4.6.1
      podman-debuginfo-3.4.7-150400.4.6.1
      podman-remote-3.4.7-150400.4.6.1
      podman-remote-debuginfo-3.4.7-150400.4.6.1
   - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch):
      podman-cni-config-3.4.7-150400.4.6.1
      podman-docker-3.4.7-150400.4.6.1
   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      podman-3.4.7-150400.4.6.1
      podman-debuginfo-3.4.7-150400.4.6.1
   - SUSE Linux Enterprise Micro 5.3 (noarch):
      podman-cni-config-3.4.7-150400.4.6.1

References:

   https://www.suse.com/security/cve/CVE-2022-2989.html
   https://bugzilla.suse.com/1202809