From sle-updates at lists.suse.com Sat Apr 1 07:03:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Apr 2023 09:03:04 +0200 (CEST)
Subject: SUSE-CU-2023:892-1: Security update of bci/openjdk
Message-ID: <20230401070304.3ABFCF36D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:892-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-13.19 , bci/openjdk:latest
Container Release : 13.19
Severity : important
Type : security
References : 1203537 1206549 1209533 CVE-2022-4899
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1632-1
Released: Tue Mar 28 12:53:57 2023
Summary: Recommended update for java-17-openjdk
Type: recommended
Severity: important
References: 1206549

This update for java-17-openjdk fixes the following issues:

- Remove the accessibility RPM sub-package because it causes problems (bsc#1206549)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
The following package changes have been done:

- libzstd1-1.5.0-150400.3.3.1 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- java-17-openjdk-headless-17.0.6.0-150400.3.15.1 updated
- java-17-openjdk-17.0.6.0-150400.3.15.1 updated
- container:sles15-image-15.0.0-27.14.45 updated

From sle-updates at lists.suse.com Sun Apr 2 07:03:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:03:02 +0200 (CEST)
Subject: SUSE-CU-2023:893-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20230402070302.1A797F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:893-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.102 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.102
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:03:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:03:19 +0200 (CEST)
Subject: SUSE-CU-2023:894-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20230402070319.A952CF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:894-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.87 , suse/sle-micro/5.4/toolbox:latest
Container Release : 3.2.87
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:06:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:06:08 +0200 (CEST)
Subject: SUSE-CU-2023:895-1: Security update of suse/sle15
Message-ID: <20230402070608.A4DFDF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:895-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.278
Container Release : 9.5.278
Severity : moderate
Type : security
References : 1207992 1209209 1209210 1209211 1209212 1209214 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released: Fri Mar 31 13:33:04 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

The following package changes have been done:

- libcurl4-7.66.0-150200.4.52.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:08:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:08:02 +0200 (CEST)
Subject: SUSE-CU-2023:896-1: Security update of suse/sle15
Message-ID: <20230402070802.3D677F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:896-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.118 , suse/sle15:15.3 , suse/sle15:15.3.17.20.118
Container Release : 17.20.118
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1207992 1208358 1209209 1209210 1209211 1209212 1209214 CVE-2023-0687 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released: Fri Mar 31 13:33:04 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- curl-7.66.0-150200.4.52.1 updated
- glibc-2.31-150300.46.1 updated
- libcurl4-7.66.0-150200.4.52.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:08:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:08:52 +0200 (CEST)
Subject: SUSE-CU-2023:897-1: Security update of suse/389-ds
Message-ID: <20230402070852.0B9F9F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:897-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.22 , suse/389-ds:latest
Container Release : 20.22
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:09:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:09:47 +0200 (CEST)
Subject: SUSE-CU-2023:898-1: Security update of bci/dotnet-aspnet
Message-ID: <20230402070947.D0CF9F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:898-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-30.12 , bci/dotnet-aspnet:6.0.15 , bci/dotnet-aspnet:6.0.15-30.12
Container Release : 30.12
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:09:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:09:55 +0200 (CEST)
Subject: SUSE-CU-2023:899-1: Security update of bci/dotnet-aspnet
Message-ID: <20230402070955.71125F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:899-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.12 , bci/dotnet-aspnet:7.0.4 , bci/dotnet-aspnet:7.0.4-10.12 , bci/dotnet-aspnet:latest
Container Release : 10.12
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:10:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:10:06 +0200 (CEST)
Subject: SUSE-CU-2023:900-1: Security update of bci/bci-busybox
Message-ID: <20230402071006.55022F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-busybox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:900-1
Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.15.3 , bci/bci-busybox:latest
Container Release : 15.3
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/bci-busybox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:10:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:10:16 +0200 (CEST)
Subject: SUSE-CU-2023:901-1: Security update of suse/registry
Message-ID: <20230402071016.957CFF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:901-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-6.13 , suse/registry:latest
Container Release : 6.13
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container suse/registry was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:micro-image-15.4.0-18.4 updated

From sle-updates at lists.suse.com Sun Apr 2 07:11:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:11:19 +0200 (CEST)
Subject: SUSE-CU-2023:902-1: Security update of bci/dotnet-sdk
Message-ID: <20230402071119.F3A86F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:902-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-32.15 , bci/dotnet-sdk:6.0.15 , bci/dotnet-sdk:6.0.15-32.15
Container Release : 32.15
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:11:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:11:28 +0200 (CEST)
Subject: SUSE-CU-2023:903-1: Security update of bci/dotnet-sdk
Message-ID: <20230402071128.63A35F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:903-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.15 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.15 , bci/dotnet-sdk:latest
Container Release : 10.15
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:12:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:12:23 +0200 (CEST)
Subject: SUSE-CU-2023:904-1: Security update of bci/dotnet-runtime
Message-ID: <20230402071223.77D62F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:904-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-29.14 , bci/dotnet-runtime:6.0.15 , bci/dotnet-runtime:6.0.15-29.14
Container Release : 29.14
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:12:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:12:29 +0200 (CEST)
Subject: SUSE-CU-2023:905-1: Security update of bci/dotnet-runtime
Message-ID: <20230402071229.F376DF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:905-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.14 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.14 , bci/dotnet-runtime:latest
Container Release : 10.14
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:12:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:12:34 +0200 (CEST)
Subject: SUSE-CU-2023:906-1: Security update of bci/golang
Message-ID: <20230402071234.3FEC6F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:906-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.16 , bci/golang:latest
Container Release : 2.16
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- glibc-devel-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:13:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:13:23 +0200 (CEST)
Subject: SUSE-CU-2023:907-1: Security update of bci/bci-init
Message-ID: <20230402071323.B3DA9F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:907-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.21 , bci/bci-init:latest
Container Release : 26.21
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Sun Apr 2 07:13:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:13:37 +0200 (CEST)
Subject: SUSE-CU-2023:908-1: Security update of bci/bci-micro
Message-ID: <20230402071337.A526AF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:908-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.18.4 , bci/bci-micro:latest
Container Release : 18.4
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated

From sle-updates at lists.suse.com Sun Apr 2 07:13:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:13:54 +0200 (CEST)
Subject: SUSE-CU-2023:909-1: Security update of bci/bci-minimal
Message-ID: <20230402071354.60C61F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:909-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.18.12 , bci/bci-minimal:latest
Container Release : 18.12
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/bci-minimal was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:micro-image-15.4.0-18.4 updated

From sle-updates at lists.suse.com Sun Apr 2 07:14:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 2 Apr 2023 09:14:41 +0200 (CEST)
Subject: SUSE-CU-2023:910-1: Security update of bci/nodejs
Message-ID: <20230402071441.DC75BF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:910-1
Container Tags : bci/node:14 , bci/node:14-37.21 , bci/nodejs:14 , bci/nodejs:14-37.21
Container Release : 37.21
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:14:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:14:49 +0200 (CEST) Subject: SUSE-CU-2023:911-1: Security update of bci/nodejs Message-ID: <20230402071449.E8AC3F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:911-1 Container Tags : bci/node:18 , bci/node:18-3.19 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.19 , bci/nodejs:latest Container Release : 3.19 Severity : moderate Type : security References : 1203537 1207571 1207957 1207975 1208358 1209533 CVE-2022-4899 CVE-2023-0687 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:15:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:15:53 +0200 (CEST) Subject: SUSE-CU-2023:912-1: Security update of bci/openjdk-devel Message-ID: <20230402071553.EE37EF36E@maintenance.suse.de> SUSE Container Update 
Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:912-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.36 Container Release : 39.36 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:bci-openjdk-11-15.4.11-35.19 updated From sle-updates at lists.suse.com Sun Apr 2 07:16:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:16:46 +0200 (CEST) Subject: SUSE-CU-2023:913-1: Security update of bci/openjdk Message-ID: <20230402071646.BF98CF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:913-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.19 Container Release : 35.19 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/openjdk 
was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated 
From sle-updates at lists.suse.com Sun Apr 2 07:39:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:39:08 +0200 (CEST) Subject: SUSE-CU-2023:914-1: Security update of bci/openjdk-devel Message-ID: <20230402073908.98857F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:914-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.38 , bci/openjdk-devel:latest Container Release : 14.38 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:bci-openjdk-17-15.4.17-13.20 updated From sle-updates at lists.suse.com Sun Apr 2 07:39:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:39:26 +0200 (CEST) Subject: SUSE-CU-2023:915-1: Security update of bci/openjdk Message-ID: <20230402073926.E642CF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:915-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.20 , bci/openjdk:latest Container Release : 13.20 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:39:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:39:28 +0200 (CEST) Subject: SUSE-CU-2023:916-1: Security update of bci/php-apache Message-ID: <20230402073928.EBCFBF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:916-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.18 Container Release : 2.18 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:39:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:39:30 +0200 (CEST) Subject: SUSE-CU-2023:917-1: Security update of bci/php-fpm Message-ID: <20230402073930.E38C5F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:917-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.17 Container Release : 2.17 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:39:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:39:33 +0200 (CEST) Subject: SUSE-CU-2023:918-1: Security update of bci/php Message-ID: <20230402073933.6B87AF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:918-1 Container Tags : bci/php:8 , bci/php:8-2.17 Container Release : 2.17 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:40:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:40:14 +0200 (CEST) Subject: SUSE-CU-2023:919-1: Security update of bci/python Message-ID: <20230402074014.E9B08F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:919-1 Container Tags : bci/python:3 , bci/python:3-12.17 , bci/python:3.10 , bci/python:3.10-12.17 , bci/python:latest Container Release : 12.17 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:41:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:41:00 +0200 (CEST) Subject: SUSE-CU-2023:920-1: Security update of bci/python Message-ID: <20230402074100.3F261F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:920-1 Container Tags : bci/python:3 , bci/python:3-35.18 , bci/python:3.6 , bci/python:3.6-35.18 Container Release : 35.18 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:41:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:41:42 +0200 (CEST) Subject: SUSE-CU-2023:921-1: Security update of bci/ruby Message-ID: <20230402074142.85313F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:921-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.17 , bci/ruby:2.5 , bci/ruby:2.5-34.17 , bci/ruby:latest Container Release : 34.17 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - glibc-devel-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:41:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:41:54 +0200 (CEST) Subject: SUSE-CU-2023:922-1: Security update of bci/rust Message-ID: <20230402074154.CBB40F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:922-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-4.17 Container Release : 4.17 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - glibc-devel-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:42:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:42:00 +0200 (CEST) Subject: SUSE-CU-2023:923-1: Security update of bci/rust Message-ID: <20230402074200.C96B1F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:923-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-3.16 , bci/rust:latest Container Release : 3.16 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - glibc-devel-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated From sle-updates at lists.suse.com Sun Apr 2 07:42:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:42:36 +0200 (CEST) Subject: SUSE-CU-2023:924-1: Security update of suse/sle15 Message-ID: <20230402074236.40D34F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:924-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.47 , suse/sle15:15.4 , suse/sle15:15.4.27.14.47 Container Release : 27.14.47 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated From sle-updates at lists.suse.com Sun Apr 2 07:42:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:42:49 +0200 (CEST) Subject: SUSE-CU-2023:925-1: Security update of bci/bci-busybox Message-ID: <20230402074249.D2169F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:925-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.5.8 Container Release : 5.8 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - sles-release-15.5-150500.37.3 updated From sle-updates at lists.suse.com Sun Apr 2 07:43:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:43:05 +0200 (CEST) Subject: SUSE-CU-2023:926-1: Security update of bci/bci-init Message-ID: <20230402074305.3D5E8F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:926-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.42 Container Release : 4.42 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libz1-1.2.13-150500.1.14 updated - libuuid1-2.37.4-150500.7.8 updated - libsmartcols1-2.37.4-150500.7.8 updated - libblkid1-2.37.4-150500.7.8 updated - libgcrypt20-1.9.4-150500.10.13 updated - libgcrypt20-hmac-1.9.4-150500.10.13 updated - libfdisk1-2.37.4-150500.7.8 updated - libopenssl1_1-1.1.1l-150500.13.4 updated - libopenssl1_1-hmac-1.1.1l-150500.13.4 updated - libmount1-2.37.4-150500.7.8 updated - sles-release-15.5-150500.37.3 updated - util-linux-2.37.4-150500.7.8 updated - container:sles15-image-15.0.0-35.2.18 updated From sle-updates at lists.suse.com Sun Apr 2 07:43:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:43:17 +0200 (CEST) Subject: SUSE-CU-2023:927-1: Security update of bci/bci-micro Message-ID: <20230402074317.1C5C2F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:927-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.4.9 Container Release : 4.9 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 
----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - sles-release-15.5-150500.37.3 updated From sle-updates at lists.suse.com Sun Apr 2 07:43:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:43:29 +0200 (CEST) Subject: SUSE-CU-2023:928-1: Security update of bci/bci-minimal Message-ID: <20230402074329.355EFF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:928-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.4.26 Container Release : 4.26 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libgcrypt20-1.9.4-150500.10.13 updated - libz1-1.2.13-150500.1.14 updated - sles-release-15.5-150500.37.3 updated - container:micro-image-15.5.0-4.9 updated From sle-updates at lists.suse.com Sun Apr 2 07:43:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:43:57 +0200 (CEST) Subject: SUSE-CU-2023:929-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230402074357.9AB85F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:929-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.367 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.367 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated From sle-updates at lists.suse.com Sun Apr 2 07:45:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 2 Apr 2023 09:45:23 +0200 (CEST) Subject: SUSE-CU-2023:931-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230402074523.2CB32F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:931-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.189 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.189 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated From sle-updates at lists.suse.com Mon Apr 3 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 08:30:01 -0000 Subject: SUSE-RU-2023:1723-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <168051060143.3049.2431633173829619566@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:1723-1 Rating: moderate References: Affected Products: * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Initial build (jsc#PED-2879, jsc#PED-2921) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-1723=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-1723=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-1723=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1723=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-150100.3.3.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-150100.3.3.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-150100.3.3.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-150100.3.3.1 ## References: * https://jira.suse.com/browse/PED-2921
From sle-updates at lists.suse.com Mon Apr 3 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 08:30:02 -0000 Subject: SUSE-RU-2023:1722-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <168051060260.3049.11513193865218945477@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:1722-1 Rating: moderate References: Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Initial build (#jsc-PED-2879) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-1722=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.0-6.3.1 ## References: * https://jira.suse.com/browse/PED-2921
From sle-updates at lists.suse.com Mon Apr 3 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 08:30:04 -0000 Subject: SUSE-RU-2023:1721-1: low: Recommended update for sle-module-legacy-release Message-ID: <168051060447.3049.16502238509897133113@smelt2.suse.de> # Recommended update for sle-module-legacy-release Announcement ID: SUSE-RU-2023:1721-1 Rating: low References: * #1207980 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for sle-module-legacy-release provides the following fix: * Adjust the EOL date for the product. (bsc#1207980) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1721=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1721=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sle-module-legacy-release-15.1-150100.117.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * sle-module-legacy-release-15.1-150100.117.3.1 * SUSE CaaS Platform 4.0 (x86_64) * sle-module-legacy-release-15.1-150100.117.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207980
From sle-updates at lists.suse.com Mon Apr 3 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:1736-1: important: Security update for MozillaThunderbird Message-ID: <168052500275.21954.11245158238081952271@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:1736-1 Rating: important References: * #1209173 * #1209953 Cross-References: * CVE-2023-25751 * CVE-2023-25752 * CVE-2023-28162 * CVE-2023-28163 * CVE-2023-28164 * CVE-2023-28176 * CVE-2023-28427 CVSS scores: * CVE-2023-28427 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-28427 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: MFSA 2023-12 (bsc#1209953): * CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (bmo#1822595) MFSA 2023-11 (bsc#1209173): * CVE-2023-25751: Incorrect code generation during JIT compilation (bmo#1814899). * CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (bmo#1809122). * CVE-2023-28162: Invalid downcast in Worklets (bmo#1811327). * CVE-2023-25752: Potential out-of-bounds when accessing throttled streams (bmo#1811627).
* CVE-2023-28163: Windows Save As dialog resolved environment variables (bmo#1817768) * CVE-2023-28176: Memory safety bugs fixed in Thunderbird 102.9 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674). Mozilla Thunderbird 102.9: * fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003) * fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using "Get Messages" context menu (bmo#1816596) * fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257) * fixed: Tooltips for "Show/Hide" calendar toggle did not display (bmo#1809557) * fixed: Various security fixes Mozilla Thunderbird 102.9.1: * fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with "file://") (bmo#1816343) * fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086) * fixed: Visual and theme improvements (bmo#1821358, bmo#1822286) * fixed: Security fixes ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1736=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1736=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1736=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-102.9.1-150200.8.110.2 * MozillaThunderbird-debuginfo-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-common-102.9.1-150200.8.110.2 * MozillaThunderbird-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-other-102.9.1-150200.8.110.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-102.9.1-150200.8.110.2 * MozillaThunderbird-debuginfo-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-common-102.9.1-150200.8.110.2 * MozillaThunderbird-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-other-102.9.1-150200.8.110.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debugsource-102.9.1-150200.8.110.2 * MozillaThunderbird-debuginfo-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-common-102.9.1-150200.8.110.2 * MozillaThunderbird-102.9.1-150200.8.110.2 * MozillaThunderbird-translations-other-102.9.1-150200.8.110.2 ## References: * https://www.suse.com/security/cve/CVE-2023-25751.html * https://www.suse.com/security/cve/CVE-2023-25752.html * https://www.suse.com/security/cve/CVE-2023-28162.html * https://www.suse.com/security/cve/CVE-2023-28163.html * https://www.suse.com/security/cve/CVE-2023-28164.html * https://www.suse.com/security/cve/CVE-2023-28176.html * https://www.suse.com/security/cve/CVE-2023-28427.html * https://bugzilla.suse.com/show_bug.cgi?id=1209173 * https://bugzilla.suse.com/show_bug.cgi?id=1209953
From sle-updates at lists.suse.com Mon Apr 3 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 12:30:08 -0000 Subject: SUSE-RU-2023:1735-1: important: Recommended update for nvme-cli Message-ID: <168052500839.21954.5794287869839875289@smelt2.suse.de> # Recommended update for nvme-cli Announcement ID: SUSE-RU-2023:1735-1 Rating: important References: * #1186689 * #1207435 * #1208001 * #1208075 * #1209550 * #1209564 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has six recommended fixes can now be installed. ## Description: This update for nvme-cli fixes the following issues: * Switch from quilt based to git based maintenance * Sanitize traddr and trsvcid avoid buffer overrun (bsc#1207435) * Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001) * Build documentation to be up to date * Fix build warning (git-fixes) * Improvements for supported-log-pages (bsc#1209550) * Fix read command (bsc#1209564) * Fix mounting filesystems via fstab (bsc#1208075) * Allow tracking unique discover controllers (bsc#1186689) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1735=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1735=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1735=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1735=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1735=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1735=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1735=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-regress-script-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-devel-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-zsh-completion-2.0+30.g86f82c58cb97-150400.3.15.1 * python3-libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-bash-completion-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * python3-libnvme-1.0+28.g0e21f3af122a-150400.3.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * 
nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nvme-cli-debuginfo-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-devel-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-zsh-completion-2.0+30.g86f82c58cb97-150400.3.15.1 * 
python3-libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-bash-completion-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 * libnvme-debuginfo-1.0+28.g0e21f3af122a-150400.3.18.1 * nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 * nvme-cli-debugsource-2.0+30.g86f82c58cb97-150400.3.15.1 * libnvme-debugsource-1.0+28.g0e21f3af122a-150400.3.18.1 * python3-libnvme-1.0+28.g0e21f3af122a-150400.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186689 * https://bugzilla.suse.com/show_bug.cgi?id=1207435 * https://bugzilla.suse.com/show_bug.cgi?id=1208001 * https://bugzilla.suse.com/show_bug.cgi?id=1208075 * https://bugzilla.suse.com/show_bug.cgi?id=1209550 * https://bugzilla.suse.com/show_bug.cgi?id=1209564 From sle-updates at lists.suse.com Mon Apr 3 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 12:30:10 -0000 Subject: SUSE-SU-2023:1734-1: moderate: Security update for ImageMagick Message-ID: <168052501005.21954.3453117289349854476@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:1734-1 Rating: moderate References: * #1209141 Cross-References: * CVE-2023-1289 CVSS scores: * CVE-2023-1289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1289 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG.
(bsc#1209141) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1734=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1734=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1734=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1734=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1734=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-6.8.8.1-71.186.1 * libMagick++-6_Q16-3-6.8.8.1-71.186.1 * ImageMagick-devel-6.8.8.1-71.186.1 * ImageMagick-6.8.8.1-71.186.1 * ImageMagick-debugsource-6.8.8.1-71.186.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.186.1 * perl-PerlMagick-debuginfo-6.8.8.1-71.186.1 * ImageMagick-config-6-upstream-6.8.8.1-71.186.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.186.1 * libMagick++-devel-6.8.8.1-71.186.1 * perl-PerlMagick-6.8.8.1-71.186.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ImageMagick-debuginfo-6.8.8.1-71.186.1 * ImageMagick-debugsource-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-6.8.8.1-71.186.1 * libMagickWand-6_Q16-1-6.8.8.1-71.186.1 * ImageMagick-config-6-upstream-6.8.8.1-71.186.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.186.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-6.8.8.1-71.186.1 * ImageMagick-debugsource-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-6.8.8.1-71.186.1 * 
libMagickWand-6_Q16-1-6.8.8.1-71.186.1 * ImageMagick-config-6-upstream-6.8.8.1-71.186.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.186.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ImageMagick-debuginfo-6.8.8.1-71.186.1 * ImageMagick-debugsource-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-6.8.8.1-71.186.1 * libMagickWand-6_Q16-1-6.8.8.1-71.186.1 * ImageMagick-config-6-upstream-6.8.8.1-71.186.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.186.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.186.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libMagickCore-6_Q16-1-32bit-6.8.8.1-71.186.1 * libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.186.1 * ImageMagick-debuginfo-6.8.8.1-71.186.1 * libMagick++-6_Q16-3-6.8.8.1-71.186.1 * ImageMagick-6.8.8.1-71.186.1 * ImageMagick-debugsource-6.8.8.1-71.186.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.186.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1289.html * https://bugzilla.suse.com/show_bug.cgi?id=1209141
From sle-updates at lists.suse.com Mon Apr 3 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 12:30:12 -0000 Subject: SUSE-SU-2023:1733-1: moderate: Security update for ImageMagick Message-ID: <168052501206.21954.15477309505826518809@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:1733-1 Rating: moderate References: * #1209141 Cross-References: * CVE-2023-1289 CVSS scores: * CVE-2023-1289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1289 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1733=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1733=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1733=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.15.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.15.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.15.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.15.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.15.1 * ImageMagick-devel-7.1.0.9-150400.6.15.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.15.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.15.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.15.1 * libMagick++-devel-7.1.0.9-150400.6.15.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.15.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.15.1 * ImageMagick-extra-7.1.0.9-150400.6.15.1 * perl-PerlMagick-7.1.0.9-150400.6.15.1 * ImageMagick-7.1.0.9-150400.6.15.1 * openSUSE Leap 15.4 (x86_64) * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.15.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.15.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.15.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.15.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.15.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.15.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.15.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.15.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.15.1 * 
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.15.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.15.1 * ImageMagick-devel-7.1.0.9-150400.6.15.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.15.1 * libMagick++-devel-7.1.0.9-150400.6.15.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.15.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.15.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.15.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.15.1 * ImageMagick-7.1.0.9-150400.6.15.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.15.1 * ImageMagick-debugsource-7.1.0.9-150400.6.15.1 * perl-PerlMagick-7.1.0.9-150400.6.15.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1289.html * https://bugzilla.suse.com/show_bug.cgi?id=1209141 From sle-updates at lists.suse.com Mon Apr 3 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 03 Apr 2023 12:30:13 -0000 Subject: SUSE-RU-2023:1732-1: low: Recommended update for google-noto-sans-cjk-fonts Message-ID: <168052501387.21954.2624524369091290363@smelt2.suse.de> # Recommended update for google-noto-sans-cjk-fonts Announcement ID: SUSE-RU-2023:1732-1 Rating: low References: * #1203741 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed.
## Description: This update for google-noto-sans-cjk-fonts fixes the following issues: * Solved a "Fails to Build From Source" (FTBFS) issue. (bsc#1203741) * Use '%license' to store OFL license text instead of '%doc' ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1732=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1732=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1732=1 ## Package List: * openSUSE Leap 15.4 (noarch) * noto-sans-sc-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-20170403-150200.10.3.1 * noto-sans-jp-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-thin-fonts-20170403-150200.10.3.1 * noto-sans-jp-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-full-20170403-150200.10.3.1 * noto-sans-sc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-black-fonts-20170403-150200.10.3.1 * noto-sans-sc-medium-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-black-fonts-20170403-150200.10.3.1 * noto-sans-cjk-fonts-20170403-150200.10.3.1 * noto-sans-jp-mono-fonts-20170403-150200.10.3.1 * noto-sans-sc-black-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-20170403-150200.10.3.1 * noto-sans-jp-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-thin-fonts-20170403-150200.10.3.1 * noto-sans-tc-mono-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-fonts-20170403-150200.10.3.1 * noto-sans-jp-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-medium-fonts-20170403-150200.10.3.1 * 
noto-sans-jp-black-fonts-20170403-150200.10.3.1 * noto-sans-kr-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-kr-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-bold-fonts-20170403-150200.10.3.1 * noto-sans-jp-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-fonts-full-20170403-150200.10.3.1 * noto-sans-kr-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-20170403-150200.10.3.1 * noto-sans-jp-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-light-fonts-20170403-150200.10.3.1 * Basesystem Module 15-SP4 (noarch) * noto-sans-sc-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-20170403-150200.10.3.1 * noto-sans-jp-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-thin-fonts-20170403-150200.10.3.1 * noto-sans-jp-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-full-20170403-150200.10.3.1 * noto-sans-sc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-black-fonts-20170403-150200.10.3.1 * noto-sans-sc-medium-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-black-fonts-20170403-150200.10.3.1 * noto-sans-cjk-fonts-20170403-150200.10.3.1 * noto-sans-jp-mono-fonts-20170403-150200.10.3.1 * noto-sans-sc-black-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-20170403-150200.10.3.1 * noto-sans-jp-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-thin-fonts-20170403-150200.10.3.1 * noto-sans-tc-mono-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-fonts-20170403-150200.10.3.1 * noto-sans-jp-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-light-fonts-20170403-150200.10.3.1 * 
noto-sans-sc-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-medium-fonts-20170403-150200.10.3.1 * noto-sans-jp-black-fonts-20170403-150200.10.3.1 * noto-sans-kr-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-kr-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-bold-fonts-20170403-150200.10.3.1 * noto-sans-jp-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-fonts-full-20170403-150200.10.3.1 * noto-sans-kr-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-20170403-150200.10.3.1 * noto-sans-jp-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-light-fonts-20170403-150200.10.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * noto-sans-sc-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-20170403-150200.10.3.1 * noto-sans-jp-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-thin-fonts-20170403-150200.10.3.1 * noto-sans-jp-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-fonts-full-20170403-150200.10.3.1 * noto-sans-sc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-black-fonts-20170403-150200.10.3.1 * noto-sans-sc-medium-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-black-fonts-20170403-150200.10.3.1 * noto-sans-cjk-fonts-20170403-150200.10.3.1 * noto-sans-jp-mono-fonts-20170403-150200.10.3.1 * noto-sans-sc-black-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-20170403-150200.10.3.1 * noto-sans-jp-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-thin-fonts-20170403-150200.10.3.1 * noto-sans-tc-mono-fonts-20170403-150200.10.3.1 * noto-sans-jp-fonts-full-20170403-150200.10.3.1 * noto-sans-tc-fonts-20170403-150200.10.3.1 * 
noto-sans-jp-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-light-fonts-20170403-150200.10.3.1 * noto-sans-sc-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-medium-fonts-20170403-150200.10.3.1 * noto-sans-jp-black-fonts-20170403-150200.10.3.1 * noto-sans-kr-medium-fonts-20170403-150200.10.3.1 * noto-sans-tc-bold-fonts-20170403-150200.10.3.1 * noto-sans-sc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-kr-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-bold-fonts-20170403-150200.10.3.1 * noto-sans-jp-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-fonts-full-20170403-150200.10.3.1 * noto-sans-kr-mono-fonts-20170403-150200.10.3.1 * noto-sans-tc-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-thin-fonts-20170403-150200.10.3.1 * noto-sans-kr-fonts-20170403-150200.10.3.1 * noto-sans-jp-demilight-fonts-20170403-150200.10.3.1 * noto-sans-tc-regular-fonts-20170403-150200.10.3.1 * noto-sans-kr-light-fonts-20170403-150200.10.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203741 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-updates at lists.suse.com Mon Apr 3 12:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:16 -0000
Subject: SUSE-RU-2023:1731-1: important: Recommended update for yast2-network
Message-ID: <168052501600.21954.9500395949739035357@smelt2.suse.de>

# Recommended update for yast2-network

Announcement ID: SUSE-RU-2023:1731-1
Rating: important
References:
* #1207221
* #1208796

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has two recommended fixes can now be installed.

## Description:

This update for yast2-network fixes the following issues:

* Fix build failure (introduced by the previous fix for bsc#1207221) (bsc#1208796)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1731=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1731=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1731=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Linux Enterprise Server 15 SP4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Manager Server 4.3 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Linux Enterprise Desktop 15 SP4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* SUSE Manager Proxy 4.3 (noarch)
  * yast2-network-4.4.56-150400.3.18.1
* Basesystem Module 15-SP4 (noarch)
  * yast2-network-4.4.56-150400.3.18.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207221
* https://bugzilla.suse.com/show_bug.cgi?id=1208796

From sle-updates at lists.suse.com Mon Apr 3 12:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:16 -0000
Subject: SUSE-RU-2023:1729-1: important: Recommended update for python-yarl
Message-ID: <168052501696.21954.3669543226937046226@smelt2.suse.de>

# Recommended update for python-yarl

Announcement ID: SUSE-RU-2023:1729-1
Rating: important
References:

Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3

An update that can now be installed.

## Description:

This update for python-yarl fixes the following issues:

* Skip failing tests to resolve build failures

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1729=1
* Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-1729=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1729=1
* SUSE Manager Server 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1729=1
* SUSE Manager Server 4.3 Module 4.3
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-1729=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150200.3.6.1
  * python3-yarl-debuginfo-1.3.0-150200.3.6.1
  * python3-yarl-1.3.0-150200.3.6.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150200.3.6.1
  * python3-yarl-debuginfo-1.3.0-150200.3.6.1
  * python3-yarl-1.3.0-150200.3.6.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150200.3.6.1
  * python3-yarl-debuginfo-1.3.0-150200.3.6.1
  * python3-yarl-1.3.0-150200.3.6.1
* SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
  * python3-yarl-debuginfo-1.3.0-150200.3.6.1
  * python-yarl-debugsource-1.3.0-150200.3.6.1
  * python3-yarl-1.3.0-150200.3.6.1
* SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150200.3.6.1
  * python3-yarl-debuginfo-1.3.0-150200.3.6.1
  * python3-yarl-1.3.0-150200.3.6.1

From sle-updates at lists.suse.com Mon Apr 3 12:30:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:17 -0000
Subject: SUSE-RU-2023:1728-1: important: Recommended update for python-yarl
Message-ID: <168052501787.21954.10306695055031589169@smelt2.suse.de>

# Recommended update for python-yarl

Announcement ID: SUSE-RU-2023:1728-1
Rating: important
References:

Affected Products:
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1

An update that can now be installed.

## Description:

This update for python-yarl fixes the following issues:

* Skip failing tests to resolve build failures

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Public Cloud Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-1728=1
* Public Cloud Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-1728=1

## Package List:

* Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150100.3.9.1
  * python3-yarl-debuginfo-1.3.0-150100.3.9.1
  * python3-yarl-1.3.0-150100.3.9.1
* Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  * python-yarl-debugsource-1.3.0-150100.3.9.1
  * python3-yarl-debuginfo-1.3.0-150100.3.9.1
  * python3-yarl-1.3.0-150100.3.9.1

From sle-updates at lists.suse.com Mon Apr 3 12:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:20 -0000
Subject: SUSE-RU-2023:1727-1: moderate: Recommended update for 389-ds
Message-ID: <168052502062.21954.14659667004527100713@smelt2.suse.de>

# Recommended update for 389-ds

Announcement ID: SUSE-RU-2023:1727-1
Rating: moderate
References:
* #1205996
* #1206563

Affected Products:
* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has two recommended fixes can now be installed.

## Description:

This update for 389-ds fixes the following issues:

* Prevent memory access violation in `cl5configtrim` (bsc#1205996)
* Improve pam_saslauthd migration handling from openldap (bsc#1206563)
* Add functionality to do bulk updates to entries
* Improve `saslauthd` migration options
* Update plugins for new split PAM and LDAP pass thru auth
* Add specialized group edit modal to the UI
* 'dsidm' now asks for the old password on password reset
* Prevent virtual attribute indexing
* Allow multiple MemberOf fixup tasks with different bases/filters

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1727=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1727=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * 389-ds-debugsource-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-snmp-debuginfo-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-debuginfo-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-snmp-2.0.17~git20.ff6dbd9-150400.3.23.1
  * libsvrcore0-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-2.0.17~git20.ff6dbd9-150400.3.23.1
  * libsvrcore0-debuginfo-2.0.17~git20.ff6dbd9-150400.3.23.1
  * lib389-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-devel-2.0.17~git20.ff6dbd9-150400.3.23.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * 389-ds-debugsource-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-debuginfo-2.0.17~git20.ff6dbd9-150400.3.23.1
  * libsvrcore0-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-2.0.17~git20.ff6dbd9-150400.3.23.1
  * libsvrcore0-debuginfo-2.0.17~git20.ff6dbd9-150400.3.23.1
  * lib389-2.0.17~git20.ff6dbd9-150400.3.23.1
  * 389-ds-devel-2.0.17~git20.ff6dbd9-150400.3.23.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1205996
* https://bugzilla.suse.com/show_bug.cgi?id=1206563

From sle-updates at lists.suse.com Mon Apr 3 12:30:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:25 -0000
Subject: SUSE-SU-2023:1726-1: important: Security update for runc
Message-ID: <168052502503.21954.12519588146777833548@smelt2.suse.de>

# Security update for runc

Announcement ID: SUSE-SU-2023:1726-1
Rating: important
References:
* #1168481
* #1208962
* #1209884
* #1209888

Cross-References:
* CVE-2023-25809
* CVE-2023-27561
* CVE-2023-28642

CVSS scores:
* CVE-2023-25809 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
* CVE-2023-25809 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
* CVE-2023-27561 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-27561 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28642 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2023-28642 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected Products:
* Containers Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for runc fixes the following issues:

Update to runc v1.1.5:

Security fixes:

* CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
* CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
* CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).

Other fixes:

* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
* Drop version-specific Go requirement.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Containers Module 12
  zypper in -t patch SUSE-SLE-Module-Containers-12-2023-1726=1

## Package List:

* Containers Module 12 (ppc64le s390x x86_64)
  * runc-debuginfo-1.1.5-16.29.1
  * runc-1.1.5-16.29.1

## References:

* https://www.suse.com/security/cve/CVE-2023-25809.html
* https://www.suse.com/security/cve/CVE-2023-27561.html
* https://www.suse.com/security/cve/CVE-2023-28642.html
* https://bugzilla.suse.com/show_bug.cgi?id=1168481
* https://bugzilla.suse.com/show_bug.cgi?id=1208962
* https://bugzilla.suse.com/show_bug.cgi?id=1209884
* https://bugzilla.suse.com/show_bug.cgi?id=1209888

From sle-updates at lists.suse.com Mon Apr 3 12:30:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:26 -0000
Subject: SUSE-RU-2023:1725-1: moderate: Recommended update for openvpn
Message-ID: <168052502698.21954.1554477696709290578@smelt2.suse.de>

# Recommended update for openvpn

Announcement ID: SUSE-RU-2023:1725-1
Rating: moderate
References:
* #1202792

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for openvpn fixes the following issues:

* Add back `--enable-iproute2` as default option (bsc#1202792)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1725=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1725=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openvpn-devel-2.5.6-150400.3.6.1
  * openvpn-2.5.6-150400.3.6.1
  * openvpn-debugsource-2.5.6-150400.3.6.1
  * openvpn-debuginfo-2.5.6-150400.3.6.1
  * openvpn-auth-pam-plugin-2.5.6-150400.3.6.1
  * openvpn-down-root-plugin-2.5.6-150400.3.6.1
  * openvpn-down-root-plugin-debuginfo-2.5.6-150400.3.6.1
  * openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openvpn-devel-2.5.6-150400.3.6.1
  * openvpn-2.5.6-150400.3.6.1
  * openvpn-debugsource-2.5.6-150400.3.6.1
  * openvpn-debuginfo-2.5.6-150400.3.6.1
  * openvpn-auth-pam-plugin-2.5.6-150400.3.6.1
  * openvpn-auth-pam-plugin-debuginfo-2.5.6-150400.3.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1202792

From sle-updates at lists.suse.com Mon Apr 3 12:30:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:28 -0000
Subject: SUSE-FU-2023:1724-1: important: Feature update for perl-Capture-Tiny
Message-ID: <168052502802.21954.14921791392896104985@smelt2.suse.de>

# Feature update for perl-Capture-Tiny

Announcement ID: SUSE-FU-2023:1724-1
Rating: important
References:

Affected Products:
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for perl-Capture-Tiny fixes the following issues:

Version update from 0.46 to 0.48 (jsc#PED-3666):

* Appends PID to random file names for tee signalling, to avoid name collision when used in multiple forked processes

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1724=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1724=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1724=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1724=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1724=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1724=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1724=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1724=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1724=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1724=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1724=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1724=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1724=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1724=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1724=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* Development Tools Module 15-SP4 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Enterprise Storage 7.1 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE Enterprise Storage 7 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1
* SUSE CaaS Platform 4.0 (noarch)
  * perl-Capture-Tiny-0.48-150000.3.3.1

## References:

* https://jira.suse.com/browse/PED-3666

From sle-updates at lists.suse.com Mon Apr 3 12:30:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:29 -0000
Subject: SUSE-SU-2023:0772-1: moderate: Security update for drbd
Message-ID: <168052502987.21954.12821894350276259546@smelt2.suse.de>

# Security update for drbd

Announcement ID: SUSE-SU-2023:0772-1
Rating: moderate
References:
* #1209188

Affected Products:
* SUSE Linux Enterprise High Availability Extension 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Manager Proxy 4.0
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Server 4.0

An update that has one fix can now be installed.

## Description:

This update of drbd fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP1
  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-772=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
  * drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_150100.197.134-150100.8.29.1
  * drbd-9.0.16+git.ab9777df-150100.8.29.1
  * drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_150100.197.134-150100.8.29.1
  * drbd-debugsource-9.0.16+git.ab9777df-150100.8.29.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Mon Apr 3 12:30:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:31 -0000
Subject: SUSE-SU-2023:0771-1: moderate: Security update for drbd
Message-ID: <168052503188.21954.7791565497494313207@smelt2.suse.de>

# Security update for drbd

Announcement ID: SUSE-SU-2023:0771-1
Rating: moderate
References:
* #1209188

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Real Time 12 SP5
* SUSE Linux Enterprise Server 12 SP5

An update that has one fix can now be installed.

## Description:

This update of drbd fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Real Time 12 SP5
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-771=1

## Package List:

* SUSE Linux Enterprise Real Time 12 SP5 (x86_64)
  * drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_10.115-4.10.1
  * drbd-kmp-rt-debuginfo-9.0.14+git.62f906cf_k4.12.14_10.115-4.10.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Mon Apr 3 12:30:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 12:30:38 -0000
Subject: SUSE-SU-2023:0767-1: important: Security update for the Linux Kernel
Message-ID: <168052503809.21954.10663396768272360166@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:0767-1
Rating: important
References:
* #1203331
* #1203332
* #1207051
* #1207795
* #1208700
* #1209188

Cross-References:
* CVE-2022-36280
* CVE-2022-38096
* CVE-2023-0590
* CVE-2023-23559
* CVE-2023-26545

CVSS scores:
* CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
* CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-26545 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that solves five vulnerabilities and has one fix can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
* CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
* CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
* CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-767=1

## Package List:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64)
  * kernel-default-4.4.121-92.202.5
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * kernel-default-base-debuginfo-4.4.121-92.202.5
  * kernel-default-devel-4.4.121-92.202.5
  * kernel-default-base-4.4.121-92.202.5
  * kernel-default-debuginfo-4.4.121-92.202.5
  * kernel-syms-4.4.121-92.202.6
  * kernel-default-debugsource-4.4.121-92.202.5
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  * kernel-devel-4.4.121-92.202.6
  * kernel-macros-4.4.121-92.202.6
  * kernel-source-4.4.121-92.202.6

## References:

* https://www.suse.com/security/cve/CVE-2022-36280.html
* https://www.suse.com/security/cve/CVE-2022-38096.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-23559.html
* https://www.suse.com/security/cve/CVE-2023-26545.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203331
* https://bugzilla.suse.com/show_bug.cgi?id=1203332
* https://bugzilla.suse.com/show_bug.cgi?id=1207051
* https://bugzilla.suse.com/show_bug.cgi?id=1207795
* https://bugzilla.suse.com/show_bug.cgi?id=1208700
* https://bugzilla.suse.com/show_bug.cgi?id=1209188
From sle-updates at lists.suse.com Mon Apr 3 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 16:30:05 -0000
Subject: SUSE-SU-2023:1740-3: moderate: Security update for yaml-cpp
Message-ID: <168053940508.18163.6250970889679357620@smelt2.suse.de>

# Security update for yaml-cpp

Announcement ID: SUSE-SU-2023:1740-3
Rating: moderate
References:

* #1121227
* #1121230
* #1122004
* #1122021

Cross-References:

* CVE-2018-20573
* CVE-2018-20574
* CVE-2019-6285
* CVE-2019-6292

CVSS scores:

* CVE-2018-20573 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2018-20573 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2018-20574 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2018-20574 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-6285 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2019-6285 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2019-6292 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2019-6292 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for yaml-cpp fixes the following issues:

* CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
* CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
* CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
* CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1740=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1740=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1740=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1740=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * libyaml-cpp0_6-debuginfo-0.6.1-4.5.1
  * yaml-cpp-devel-0.6.1-4.5.1
  * libyaml-cpp0_6-0.6.1-4.5.1
  * yaml-cpp-debugsource-0.6.1-4.5.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * libyaml-cpp0_6-debuginfo-0.6.1-4.5.1
  * yaml-cpp-devel-0.6.1-4.5.1
  * libyaml-cpp0_6-0.6.1-4.5.1
  * yaml-cpp-debugsource-0.6.1-4.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * libyaml-cpp0_6-debuginfo-0.6.1-4.5.1
  * yaml-cpp-devel-0.6.1-4.5.1
  * libyaml-cpp0_6-0.6.1-4.5.1
  * yaml-cpp-debugsource-0.6.1-4.5.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * libyaml-cpp0_6-debuginfo-0.6.1-4.5.1
  * yaml-cpp-devel-0.6.1-4.5.1
  * libyaml-cpp0_6-0.6.1-4.5.1
  * yaml-cpp-debugsource-0.6.1-4.5.1

## References:

* https://www.suse.com/security/cve/CVE-2018-20573.html
* https://www.suse.com/security/cve/CVE-2018-20574.html
* https://www.suse.com/security/cve/CVE-2019-6285.html
* https://www.suse.com/security/cve/CVE-2019-6292.html
* https://bugzilla.suse.com/show_bug.cgi?id=1121227
* https://bugzilla.suse.com/show_bug.cgi?id=1121230
* https://bugzilla.suse.com/show_bug.cgi?id=1122004
* https://bugzilla.suse.com/show_bug.cgi?id=1122021

From sle-updates at lists.suse.com Mon Apr 3 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 16:30:07 -0000
Subject: SUSE-SU-2023:1739-1: moderate: Security update for pgadmin4
Message-ID: <168053940710.18163.285757218636961011@smelt2.suse.de>

# Security update for pgadmin4

Announcement ID: SUSE-SU-2023:1739-1
Rating: moderate
References:

* #1207238

Cross-References:

* CVE-2023-22298

CVSS scores:

* CVE-2023-22298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2023-22298 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for pgadmin4 fixes the following issues:

* CVE-2023-22298: Fixed an open redirect vulnerability (bsc#1207238).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1739=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1739=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1739=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * pgadmin4-4.30-150300.3.6.1
  * pgadmin4-debuginfo-4.30-150300.3.6.1
* openSUSE Leap 15.4 (noarch)
  * pgadmin4-doc-4.30-150300.3.6.1
  * pgadmin4-web-uwsgi-4.30-150300.3.6.1
  * pgadmin4-web-4.30-150300.3.6.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * pgadmin4-4.30-150300.3.6.1
  * pgadmin4-debuginfo-4.30-150300.3.6.1
* Server Applications Module 15-SP4 (noarch)
  * pgadmin4-doc-4.30-150300.3.6.1
  * pgadmin4-web-4.30-150300.3.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * pgadmin4-4.30-150300.3.6.1
  * pgadmin4-debuginfo-4.30-150300.3.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * pgadmin4-doc-4.30-150300.3.6.1
  * pgadmin4-web-4.30-150300.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-22298.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207238

From sle-updates at lists.suse.com Mon Apr 3 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 16:30:09 -0000
Subject: SUSE-SU-2023:1738-1: moderate: Security update for openssl
Message-ID: <168053940903.18163.611489481843536775@smelt2.suse.de>

# Security update for openssl

Announcement ID: SUSE-SU-2023:1738-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1738=1

## Package List:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * libopenssl1_0_0-debuginfo-1.0.2j-60.89.1
  * openssl-debuginfo-1.0.2j-60.89.1
  * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.89.1
  * openssl-debugsource-1.0.2j-60.89.1
  * libopenssl-devel-1.0.2j-60.89.1
  * libopenssl1_0_0-hmac-1.0.2j-60.89.1
  * libopenssl1_0_0-hmac-32bit-1.0.2j-60.89.1
  * openssl-1.0.2j-60.89.1
  * libopenssl1_0_0-32bit-1.0.2j-60.89.1
  * libopenssl1_0_0-1.0.2j-60.89.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  * openssl-doc-1.0.2j-60.89.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Mon Apr 3 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 03 Apr 2023 16:30:11 -0000
Subject: SUSE-SU-2023:1737-1: moderate: Security update for compat-openssl098
Message-ID: <168053941100.18163.3417573319255791398@smelt2.suse.de>

# Security update for compat-openssl098

Announcement ID: SUSE-SU-2023:1737-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Legacy Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for compat-openssl098 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Legacy Module 12
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-1737=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1737=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-1737=1

## Package List:

* Legacy Module 12 (s390x x86_64)
  * libopenssl0_9_8-debuginfo-0.9.8j-106.45.1
  * libopenssl0_9_8-32bit-0.9.8j-106.45.1
  * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.45.1
  * libopenssl0_9_8-0.9.8j-106.45.1
  * compat-openssl098-debugsource-0.9.8j-106.45.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * libopenssl0_9_8-0.9.8j-106.45.1
  * compat-openssl098-debugsource-0.9.8j-106.45.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.45.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl0_9_8-0.9.8j-106.45.1
  * compat-openssl098-debugsource-0.9.8j-106.45.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.45.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 07:04:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2023 09:04:01 +0200 (CEST)
Subject: SUSE-CU-2023:935-1: Recommended update of suse/389-ds
Message-ID: <20230404070401.5FDA7F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:935-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.23 , suse/389-ds:latest
Container Release : 20.23
Severity : moderate
Type : recommended
References : 1205996 1206563
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1727-1
Released: Mon Apr 3 10:52:24 2023
Summary: Recommended update for 389-ds
Type: recommended
Severity: moderate
References: 1205996,1206563

This update for 389-ds fixes the following issues:

- Prevent memory access violation in `cl5configtrim` (bsc#1205996)
- Improve pam_saslauthd migration handling from openldap (bsc#1206563)
- Add functionality to do bulk updates to entries
- Improve `saslauthd` migration options
- Update plugins for new split PAM and LDAP pass thru auth
- Add specialized group edit modal to the UI
- 'dsidm' now asks for the old password on password reset
- Prevent virtual attribute indexing
- Allow multiple MemberOf fixup tasks with different bases/filters

The following package changes have been done:

- libsvrcore0-2.0.17~git20.ff6dbd9-150400.3.23.1 updated
- lib389-2.0.17~git20.ff6dbd9-150400.3.23.1 updated
- 389-ds-2.0.17~git20.ff6dbd9-150400.3.23.1 updated

From sle-updates at lists.suse.com Tue Apr 4 07:05:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2023 09:05:43 +0200 (CEST)
Subject: SUSE-CU-2023:938-1: Security update of bci/golang
Message-ID: <20230404070543.C1D5AF36D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:938-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-22.18
Container Release : 22.18
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- glibc-devel-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Tue Apr 4 07:06:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 4 Apr 2023 09:06:21 +0200 (CEST)
Subject: SUSE-CU-2023:939-1: Security update of bci/nodejs
Message-ID: <20230404070621.325EDF36D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:939-1
Container Tags : bci/node:16 , bci/node:16-15.21 , bci/nodejs:16 , bci/nodejs:16-15.21
Container Release : 15.21
Severity : moderate
Type : security
References : 1207571 1207957 1207975 1208358 CVE-2023-0687
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- container:sles15-image-15.0.0-27.14.47 updated

From sle-updates at lists.suse.com Tue Apr 4 08:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:02 -0000
Subject: SUSE-SU-2023:1748-1: moderate: Security update for openssl-1_1
Message-ID: <168059700243.13137.3185311323554408242@smelt2.suse.de>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:1748-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1748=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1748=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1748=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * libopenssl1_1-hmac-1.1.0i-150100.14.45.1
  * openssl-1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.45.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.45.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.45.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.45.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-hmac-1.1.0i-150100.14.45.1
  * openssl-1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.45.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.45.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.45.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * libopenssl1_1-hmac-1.1.0i-150100.14.45.1
  * openssl-1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.45.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.45.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.45.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.45.1
* SUSE CaaS Platform 4.0 (x86_64)
  * libopenssl1_1-32bit-1.1.0i-150100.14.45.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.45.1
  * libopenssl1_1-1.1.0i-150100.14.45.1
  * openssl-1_1-1.1.0i-150100.14.45.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.45.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.45.1
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.45.1
  * openssl-1_1-debugsource-1.1.0i-150100.14.45.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.45.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 08:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:04 -0000
Subject: SUSE-SU-2023:1747-1: moderate: Security update for openssl-1_1
Message-ID: <168059700452.13137.2149260038785683450@smelt2.suse.de>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:1747-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1747=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1747=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1747=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1747=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1747=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1747=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1747=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1747=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1747=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * libopenssl-1_1-devel-1.1.1d-2.78.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * openssl-1_1-debuginfo-1.1.1d-2.78.1
  * libopenssl1_1-debuginfo-1.1.1d-2.78.1
  * openssl-1_1-debugsource-1.1.1d-2.78.1
  * openssl-1_1-1.1.1d-2.78.1
  * libopenssl1_1-1.1.1d-2.78.1
  * libopenssl1_1-hmac-1.1.1d-2.78.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.78.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.78.1
  * libopenssl1_1-32bit-1.1.1d-2.78.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 08:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:06 -0000
Subject: SUSE-SU-2023:1746-1: moderate: Security update for openssl-3
Message-ID: <168059700657.13137.15071713038668759262@smelt2.suse.de>

# Security update for openssl-3

Announcement ID: SUSE-SU-2023:1746-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1746=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1746=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openssl-3-3.0.1-150400.4.20.1
  * libopenssl-3-devel-3.0.1-150400.4.20.1
  * openssl-3-debugsource-3.0.1-150400.4.20.1
  * libopenssl3-3.0.1-150400.4.20.1
  * openssl-3-debuginfo-3.0.1-150400.4.20.1
  * libopenssl3-debuginfo-3.0.1-150400.4.20.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl3-32bit-3.0.1-150400.4.20.1
  * libopenssl-3-devel-32bit-3.0.1-150400.4.20.1
  * libopenssl3-32bit-debuginfo-3.0.1-150400.4.20.1
* openSUSE Leap 15.4 (noarch)
  * openssl-3-doc-3.0.1-150400.4.20.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-3-3.0.1-150400.4.20.1
  * libopenssl-3-devel-3.0.1-150400.4.20.1
  * openssl-3-debugsource-3.0.1-150400.4.20.1
  * libopenssl3-3.0.1-150400.4.20.1
  * openssl-3-debuginfo-3.0.1-150400.4.20.1
  * libopenssl3-debuginfo-3.0.1-150400.4.20.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624


From sle-updates at lists.suse.com Tue Apr 4 08:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:08 -0000
Subject: SUSE-SU-2023:1745-1: moderate: Security update for openssl-1_1
Message-ID: <168059700884.13137.2061553251873107214@smelt2.suse.de>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:1745-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1745=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1745=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1745=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1745=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1745=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1745=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1745=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* openSUSE Leap 15.4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.31.2
  * libopenssl1_1-32bit-1.1.1l-150400.7.31.2
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.31.2
* openSUSE Leap 15.4 (noarch)
  * openssl-1_1-doc-1.1.1l-150400.7.31.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-1.1.1l-150400.7.31.2
  * openssl-1_1-debugsource-1.1.1l-150400.7.31.2
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl-1_1-devel-1.1.1l-150400.7.31.2
  * libopenssl1_1-1.1.1l-150400.7.31.2
  * openssl-1_1-debuginfo-1.1.1l-150400.7.31.2
* Basesystem Module 15-SP4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.31.2
  * libopenssl1_1-32bit-1.1.1l-150400.7.31.2
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.31.2
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.31.2

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 08:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:11 -0000
Subject: SUSE-RU-2023:1744-1: moderate: Recommended update for patterns-gnome
Message-ID: <168059701146.13137.1036232282235457743@smelt2.suse.de>

# Recommended update for patterns-gnome

Announcement ID: SUSE-RU-2023:1744-1
Rating: moderate
References:

* #1203966

Affected Products:

* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for patterns-gnome fixes the following issues:

* Add requirement for xorg-x11-fonts to fix gnome-shell starting failure (bsc#1203966)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1744=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1744=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1744=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * patterns-gnome-gnome-20201210-150400.7.3.1
  * patterns-gnome-gnome_imaging-20201210-150400.7.3.1
  * patterns-gnome-gnome_basis-20201210-150400.7.3.1
  * patterns-gnome-gnome_x11-20201210-150400.7.3.1
  * patterns-gnome-gnome_basic-20201210-150400.7.3.1
  * patterns-gnome-gnome_multimedia-20201210-150400.7.3.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * patterns-gnome-gnome_basis-20201210-150400.7.3.1
  * patterns-gnome-gnome_basic-20201210-150400.7.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * patterns-gnome-gnome_x11-20201210-150400.7.3.1
  * patterns-gnome-gnome-20201210-150400.7.3.1
  * patterns-gnome-gnome_imaging-20201210-150400.7.3.1
  * patterns-gnome-gnome_multimedia-20201210-150400.7.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203966

From sle-updates at lists.suse.com Tue Apr 4 08:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:14 -0000
Subject: SUSE-RU-2023:1743-1: moderate: Recommended update for yast2-storage-ng
Message-ID: <168059701428.13137.4101392417456193983@smelt2.suse.de>

# Recommended update for yast2-storage-ng

Announcement ID: SUSE-RU-2023:1743-1
Rating: moderate
References:

* #1200975

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for yast2-storage-ng fixes the following issues:

* Fix to properly identify Dell BOSS storage devices (bsc#1200975)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1743=1
* SUSE Linux Enterprise High Performance Computing 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Linux Enterprise Server 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Linux Enterprise Desktop 15 SP4
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-1743=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1743=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Linux Enterprise Desktop 15 SP4 (x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * yast2-storage-ng-4.4.42-150400.3.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1200975

From sle-updates at lists.suse.com Tue Apr 4 08:30:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:16 -0000
Subject: SUSE-RU-2023:1742-1: moderate: Recommended update for gdm
Message-ID: <168059701634.13137.1505357311169076435@smelt2.suse.de>

# Recommended update for gdm

Announcement ID: SUSE-RU-2023:1742-1
Rating: moderate
References:

* #1205664

Affected Products:

* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for gdm fixes the following issues:

* Update gdm-fingerprint.pamd and gdm-smartcard.pamd with correct configuration to make them work (bsc#1205664)
* Enable split authentication
* Made preparations for first boot setup for a possible implementation in a future release of SUSE Linux Enterprise Desktop (jsc#PED-1719)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1742=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1742=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * gdm-debugsource-41.3-150400.4.6.1
  * libgdm1-41.3-150400.4.6.1
  * gdm-devel-41.3-150400.4.6.1
  * gdm-debuginfo-41.3-150400.4.6.1
  * libgdm1-debuginfo-41.3-150400.4.6.1
  * gdm-41.3-150400.4.6.1
  * typelib-1_0-Gdm-1_0-41.3-150400.4.6.1
* openSUSE Leap 15.4 (noarch)
  * gdm-systemd-41.3-150400.4.6.1
  * gdmflexiserver-41.3-150400.4.6.1
  * gdm-schema-41.3-150400.4.6.1
  * gdm-branding-upstream-41.3-150400.4.6.1
  * gdm-lang-41.3-150400.4.6.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * gdm-debugsource-41.3-150400.4.6.1
  * libgdm1-41.3-150400.4.6.1
  * gdm-devel-41.3-150400.4.6.1
  * gdm-debuginfo-41.3-150400.4.6.1
  * libgdm1-debuginfo-41.3-150400.4.6.1
  * gdm-41.3-150400.4.6.1
  * typelib-1_0-Gdm-1_0-41.3-150400.4.6.1
* Desktop Applications Module 15-SP4 (noarch)
  * gdm-systemd-41.3-150400.4.6.1
  * gdmflexiserver-41.3-150400.4.6.1
  * gdm-lang-41.3-150400.4.6.1
  * gdm-schema-41.3-150400.4.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1205664
* https://jira.suse.com/browse/PED-1719

From sle-updates at lists.suse.com Tue Apr 4 08:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 08:30:20 -0000
Subject: SUSE-RU-2023:1741-1: important: Recommended update for pmix
Message-ID: <168059702015.13137.8917251345978119609@smelt2.suse.de>

# Recommended update for pmix

Announcement ID: SUSE-RU-2023:1741-1
Rating: important
References:

* #1209260
* #1209473

Affected Products:

* HPC Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

An update that has two recommended fixes can now be installed.

## Description:

This update for pmix fixes the following issues:

* Move the requirement for pmix-runtime-config to libpmix2 and make it version-independent (bsc#1209473)
* Fix for Slurm requiring pmix-devel (bsc#1209260)
* New subpackages:
  * pmix-munge-plugin: Includes the psec munge plugin, to avoid dependency issues with the main package
  * pmix-test: Test package that includes Pmix to give users the opportunity to test their setup. Test files are installed in `/usr/lib/pmix/tests` to avoid conflicts on 32 bits systems

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1741=1
* HPC Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2023-1741=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1741=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1741=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * pmix-plugins-3.2.3-150300.3.5.1
  * pmix-test-debuginfo-3.2.3-150300.3.5.1
  * pmix-3.2.3-150300.3.5.1
  * pmix-test-3.2.3-150300.3.5.1
  * libpmix2-debuginfo-3.2.3-150300.3.5.1
  * pmix-debugsource-3.2.3-150300.3.5.1
  * libpmix2-3.2.3-150300.3.5.1
  * pmix-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-3.2.3-150300.3.5.1
  * pmix-devel-3.2.3-150300.3.5.1
  * pmix-plugins-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-3.2.3-150300.3.5.1
* openSUSE Leap 15.4 (noarch)
  * pmix-mca-params-3.2.3-150300.3.5.1
  * pmix-headers-3.2.3-150300.3.5.1
* HPC Module 15-SP4 (aarch64 x86_64)
  * pmix-plugins-3.2.3-150300.3.5.1
  * pmix-test-debuginfo-3.2.3-150300.3.5.1
  * pmix-3.2.3-150300.3.5.1
  * pmix-test-3.2.3-150300.3.5.1
  * libpmix2-debuginfo-3.2.3-150300.3.5.1
  * pmix-debugsource-3.2.3-150300.3.5.1
  * libpmix2-3.2.3-150300.3.5.1
  * pmix-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-3.2.3-150300.3.5.1
  * pmix-plugins-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-3.2.3-150300.3.5.1
* HPC Module 15-SP4 (noarch)
  * pmix-mca-params-3.2.3-150300.3.5.1
  * pmix-headers-3.2.3-150300.3.5.1
* HPC Module 15-SP4 (x86_64)
  * pmix-devel-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * pmix-plugins-3.2.3-150300.3.5.1
  * pmix-test-debuginfo-3.2.3-150300.3.5.1
  * pmix-3.2.3-150300.3.5.1
  * pmix-test-3.2.3-150300.3.5.1
  * libpmix2-debuginfo-3.2.3-150300.3.5.1
  * pmix-debugsource-3.2.3-150300.3.5.1
  * libpmix2-3.2.3-150300.3.5.1
  * pmix-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-3.2.3-150300.3.5.1
  * pmix-plugins-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * pmix-mca-params-3.2.3-150300.3.5.1
  * pmix-headers-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * pmix-devel-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * pmix-plugins-3.2.3-150300.3.5.1
  * pmix-test-debuginfo-3.2.3-150300.3.5.1
  * pmix-3.2.3-150300.3.5.1
  * pmix-test-3.2.3-150300.3.5.1
  * libpmix2-debuginfo-3.2.3-150300.3.5.1
  * pmix-debugsource-3.2.3-150300.3.5.1
  * libpmix2-3.2.3-150300.3.5.1
  * pmix-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-3.2.3-150300.3.5.1
  * pmix-plugins-debuginfo-3.2.3-150300.3.5.1
  * libmca_common_dstore1-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-debuginfo-3.2.3-150300.3.5.1
  * pmix-plugin-munge-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * pmix-mca-params-3.2.3-150300.3.5.1
  * pmix-headers-3.2.3-150300.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * pmix-devel-3.2.3-150300.3.5.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209260
* https://bugzilla.suse.com/show_bug.cgi?id=1209473

From sle-updates at lists.suse.com Tue Apr 4 12:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:02 -0000
Subject: SUSE-SU-2023:1760-1: moderate: Security update for oracleasm
Message-ID: <168061140227.8599.8615876697373023987@smelt2.suse.de>

# Security update for oracleasm

Announcement ID: SUSE-SU-2023:1760-1
Rating: moderate
References:

* #1209188

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update of oracleasm fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1760=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1760=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * oracleasm-debugsource-2.0.8-150400.25.7.1
  * oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.7.1
  * oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.46-150400.25.7.1
* openSUSE Leap 15.4 (aarch64)
  * oracleasm-kmp-64kb-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.7.1
  * oracleasm-kmp-64kb-2.0.8_k5.14.21_150400.24.46-150400.25.7.1
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.46-150400.25.7.1
  * oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.46-150400.25.7.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Tue Apr 4 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:04 -0000
Subject: SUSE-SU-2023:1759-1: moderate: Security update for dpdk
Message-ID: <168061140441.8599.12675434212951844878@smelt2.suse.de>

# Security update for dpdk

Announcement ID: SUSE-SU-2023:1759-1
Rating: moderate
References:

* #1209188

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update of dpdk fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1759=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1759=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * dpdk-examples-debuginfo-19.11.10-150400.4.9.1
  * dpdk-debuginfo-19.11.10-150400.4.9.1
  * dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * libdpdk-20_0-19.11.10-150400.4.9.1
  * dpdk-devel-debuginfo-19.11.10-150400.4.9.1
  * libdpdk-20_0-debuginfo-19.11.10-150400.4.9.1
  * dpdk-debugsource-19.11.10-150400.4.9.1
  * dpdk-19.11.10-150400.4.9.1
  * dpdk-tools-19.11.10-150400.4.9.1
  * dpdk-kmp-default-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-tools-debuginfo-19.11.10-150400.4.9.1
  * dpdk-devel-19.11.10-150400.4.9.1
  * dpdk-examples-19.11.10-150400.4.9.1
* openSUSE Leap 15.4 (noarch)
  * dpdk-doc-19.11.10-150400.4.9.1
  * dpdk-thunderx-doc-19.11.10-150400.4.9.1
* openSUSE Leap 15.4 (aarch64)
  * dpdk-thunderx-debugsource-19.11.10-150400.4.9.1
  * dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-thunderx-tools-19.11.10-150400.4.9.1
  * dpdk-thunderx-tools-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-thunderx-19.11.10-150400.4.9.1
  * dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-examples-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-examples-19.11.10-150400.4.9.1
  * dpdk-thunderx-devel-19.11.10-150400.4.9.1
* Server Applications Module 15-SP4 (aarch64 ppc64le x86_64)
  * dpdk-debuginfo-19.11.10-150400.4.9.1
  * dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * libdpdk-20_0-19.11.10-150400.4.9.1
  * dpdk-devel-debuginfo-19.11.10-150400.4.9.1
  * libdpdk-20_0-debuginfo-19.11.10-150400.4.9.1
  * dpdk-debugsource-19.11.10-150400.4.9.1
  * dpdk-19.11.10-150400.4.9.1
  * dpdk-tools-19.11.10-150400.4.9.1
  * dpdk-kmp-default-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-tools-debuginfo-19.11.10-150400.4.9.1
  * dpdk-devel-19.11.10-150400.4.9.1
* Server Applications Module 15-SP4 (aarch64)
  * dpdk-thunderx-debugsource-19.11.10-150400.4.9.1
  * dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.46-150400.4.9.1
  * dpdk-thunderx-19.11.10-150400.4.9.1
  * dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-debuginfo-19.11.10-150400.4.9.1
  * dpdk-thunderx-devel-19.11.10-150400.4.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Tue Apr 4 12:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:06 -0000
Subject: SUSE-SU-2023:1758-1: moderate: Security update for drbd
Message-ID: <168061140656.8599.13059919441551062827@smelt2.suse.de>

# Security update for drbd

Announcement ID: SUSE-SU-2023:1758-1
Rating: moderate
References:

* #1209188

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update of drbd fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1758=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1758=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1758=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1758=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1758=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * drbd-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.4.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * drbd-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-kmp-default-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1
  * drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-kmp-default-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1
* openSUSE Leap 15.4 (aarch64)
  * drbd-kmp-64kb-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1
  * drbd-kmp-64kb-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * drbd-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.4.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * drbd-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.4.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * drbd-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-kmp-default-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1
  * drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.4.1
  * drbd-kmp-default-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.46-150400.3.4.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Tue Apr 4 12:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:08 -0000
Subject: SUSE-RU-2023:1757-1: important: Recommended update for smartmontools
Message-ID: <168061140885.8599.4285036260237487849@smelt2.suse.de>

# Recommended update for smartmontools

Announcement ID: SUSE-RU-2023:1757-1
Rating: important
References:

* #1208905

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for smartmontools fixes the following issues:

* Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1757=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1757=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1757=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * smartmontools-debuginfo-7.2-150300.8.8.1
  * smartmontools-7.2-150300.8.8.1
  * smartmontools-debugsource-7.2-150300.8.8.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * smartmontools-debuginfo-7.2-150300.8.8.1
  * smartmontools-7.2-150300.8.8.1
  * smartmontools-debugsource-7.2-150300.8.8.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * smartmontools-debuginfo-7.2-150300.8.8.1
  * smartmontools-7.2-150300.8.8.1
  * smartmontools-debugsource-7.2-150300.8.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208905

From sle-updates at lists.suse.com Tue Apr 4 12:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:10 -0000
Subject: SUSE-SU-2023:1756-1: moderate: Security update for ImageMagick
Message-ID: <168061141041.8599.17583367110963775720@smelt2.suse.de>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2023:1756-1
Rating: moderate
References:

* #1209141

Cross-References:

* CVE-2023-1289

CVSS scores:

* CVE-2023-1289 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-1289 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Real Time 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2023-1289: Fixed segmentation fault and possible DoS via specially crafted SVG. (bsc#1209141)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1756=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1756=1

## Package List:

* openSUSE Leap 15.4 (x86_64)
  * libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.45.1
  * libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.45.1
  * libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.45.1
  * libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.45.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.45.1
  * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.45.1
  * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.45.1
  * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.45.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.45.1
  * ImageMagick-debuginfo-7.0.7.34-150200.10.45.1
  * perl-PerlMagick-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.45.1
  * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.45.1
  * ImageMagick-debugsource-7.0.7.34-150200.10.45.1
  * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.45.1
  * ImageMagick-devel-7.0.7.34-150200.10.45.1
  * libMagick++-devel-7.0.7.34-150200.10.45.1
  * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.45.1
  * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.45.1
  * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.45.1
  * ImageMagick-7.0.7.34-150200.10.45.1
  * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.45.1
  * ImageMagick-config-7-upstream-7.0.7.34-150200.10.45.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1289.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209141

From sle-updates at lists.suse.com Tue Apr 4 12:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:12 -0000
Subject: SUSE-SU-2023:1754-1: moderate: Security update for openssl1
Message-ID: <168061141235.8599.2828747364232596926@smelt2.suse.de>

# Security update for openssl1

Announcement ID: SUSE-SU-2023:1754-1
Rating: moderate
References:

* #1209624

Cross-References:

* CVE-2023-0464

CVSS scores:

* CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 11 SP4
* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl1 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1754=1
* SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1754=1

## Package List:

* SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
  * openssl1-doc-1.0.1g-0.58.59.1
  * openssl1-1.0.1g-0.58.59.1
  * libopenssl1_0_0-32bit-1.0.1g-0.58.59.1
  * libopenssl1-devel-1.0.1g-0.58.59.1
  * libopenssl1_0_0-1.0.1g-0.58.59.1
* SUSE Linux Enterprise Server 11 SP4 (x86_64)
  * openssl1-doc-1.0.1g-0.58.59.1
  * openssl1-1.0.1g-0.58.59.1
  * libopenssl1_0_0-32bit-1.0.1g-0.58.59.1
  * libopenssl1-devel-1.0.1g-0.58.59.1
  * libopenssl1_0_0-1.0.1g-0.58.59.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0464.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 12:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:13 -0000
Subject: SUSE-RU-2023:1753-1: moderate: Recommended update for systemd-presets-common-SUSE
Message-ID: <168061141351.8599.7947736254439399856@smelt2.suse.de>

# Recommended update for systemd-presets-common-SUSE

Announcement ID: SUSE-RU-2023:1753-1
Rating: moderate
References:
Affected Products:
  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE CaaS Platform 4.0
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for systemd-presets-common-SUSE fixes the following issue:

* Enable systemd-pstore.service by default (jsc#PED-2663)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1753=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1753=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1753=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1753=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1753=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1753=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1753=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1753=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1753=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1753=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1753=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1753=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1753=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1753=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1753=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1753=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1753=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1753=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1753=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1753=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1753=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* Basesystem Module 15-SP4 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Manager Proxy 4.2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Manager Server 4.2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Enterprise Storage 7.1 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Enterprise Storage 7 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE CaaS Platform 4.0 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * systemd-presets-common-SUSE-15-150100.8.20.1

## References:

* https://jira.suse.com/browse/PED-2663

From sle-updates at lists.suse.com Tue Apr 4 12:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:15 -0000
Subject: SUSE-SU-2023:1752-1: moderate: Security update for terraform-provider-helm
Message-ID: <168061141529.8599.826477702061481452@smelt2.suse.de>

# Security update for terraform-provider-helm

Announcement ID: SUSE-SU-2023:1752-1
Rating: moderate
References:
  * #1208086
Cross-References:
  * CVE-2023-25165
CVSS scores:
  * CVE-2023-25165 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  * CVE-2023-25165 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP2
  * Public Cloud Module 15-SP3
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.1
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.1
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for terraform-provider-helm fixes the following issues:

Updated terraform-provider-helm to version 2.9.0:

* CVE-2023-25165: Fixed getHostByName Function Information Disclosure in helm embedded in the package (bsc#1208086).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1752=1
* Public Cloud Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-1752=1
* Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-1752=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1752=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-helm-2.9.0-150200.6.8.1
* Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-helm-2.9.0-150200.6.8.1
* Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-helm-2.9.0-150200.6.8.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * terraform-provider-helm-2.9.0-150200.6.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-25165.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208086

From sle-updates at lists.suse.com Tue Apr 4 12:30:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:17 -0000
Subject: SUSE-RU-2023:1751-1: moderate: Recommended update for clone-master-clean-up
Message-ID: <168061141730.8599.7354145832000898751@smelt2.suse.de>

# Recommended update for clone-master-clean-up

Announcement ID: SUSE-RU-2023:1751-1
Rating: moderate
References:
  * #1207993
Affected Products:
  * openSUSE Leap 15.4
  * Server Applications Module 15-SP4
  * SUSE CaaS Platform 4.0
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for clone-master-clean-up fixes the following issue:

* clone-master-clean-up fails when /etc/iscsi/initiatorname.iscsi doesn't exist (bsc#1207993)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1751=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1751=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1751=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1751=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1751=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1751=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1751=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1751=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1751=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1751=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1751=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1751=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1751=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1751=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1751=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1751=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1751=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1751=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* Server Applications Module 15-SP4 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Manager Proxy 4.2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Manager Server 4.2 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Enterprise Storage 7.1 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE Enterprise Storage 7 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1
* SUSE CaaS Platform 4.0 (noarch)
  * clone-master-clean-up-1.11-150100.3.20.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207993

From sle-updates at lists.suse.com Tue Apr 4 12:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:24 -0000
Subject: SUSE-RU-2023:1750-1: low: Recommended update for rear27a
Message-ID: <168061142463.8599.12776796837878735158@smelt2.suse.de>

# Recommended update for rear27a

Announcement ID: SUSE-RU-2023:1750-1
Rating: low
References:
  * #859436
  * #861871
  * #877042
  * #946006
  * #950610
Affected Products:
  * SUSE Linux Enterprise High Availability Extension 15 SP2
  * SUSE Linux Enterprise High Availability Extension 15 SP3
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.1
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.1
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that contains three features and has five recommended fixes can now be installed.

## Description:

This update for rear27a fixes the following issues:

* New package rear27a for SUSE Linux Enterprise

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-1750=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-1750=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1750=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP2 (ppc64le x86_64)
  * rear27a-2.7-150200.5.3.4
* SUSE Linux Enterprise High Availability Extension 15 SP3 (ppc64le x86_64)
  * rear27a-2.7-150200.5.3.4
* SUSE Linux Enterprise High Availability Extension 15 SP4 (ppc64le x86_64)
  * rear27a-2.7-150200.5.3.4

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=859436
* https://bugzilla.suse.com/show_bug.cgi?id=861871
* https://bugzilla.suse.com/show_bug.cgi?id=877042
* https://bugzilla.suse.com/show_bug.cgi?id=946006
* https://bugzilla.suse.com/show_bug.cgi?id=950610
* https://jira.suse.com/browse/PED-1325
* https://jira.suse.com/browse/PED-2792
* https://jira.suse.com/browse/PED-960

From sle-updates at lists.suse.com Tue Apr 4 12:30:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 12:30:26 -0000
Subject: SUSE-RU-2023:1749-1: moderate: Recommended update for sssd
Message-ID: <168061142662.8599.17088411442957520582@smelt2.suse.de>

# Recommended update for sssd

Announcement ID: SUSE-RU-2023:1749-1
Rating: moderate
References:
  * #1206539
Affected Products:
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for sssd fixes the following issues:

* Add LDAPS support for the AD provider (bsc#1206539, jsc#PED-3238)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1749=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1749=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1749=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1749=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * sssd-debugsource-1.16.1-7.52.1
  * libsss_idmap-devel-1.16.1-7.52.1
  * libipa_hbac-devel-1.16.1-7.52.1
  * libsss_nss_idmap-devel-1.16.1-7.52.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * sssd-proxy-1.16.1-7.52.1
  * sssd-krb5-1.16.1-7.52.1
  * sssd-common-1.16.1-7.52.1
  * libsss_simpleifp0-1.16.1-7.52.1
  * libipa_hbac0-1.16.1-7.52.1
  * sssd-debugsource-1.16.1-7.52.1
  * sssd-ad-1.16.1-7.52.1
  * python-sssd-config-1.16.1-7.52.1
  * libsss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-1.16.1-7.52.1
  * sssd-krb5-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-debuginfo-1.16.1-7.52.1
  * sssd-ldap-1.16.1-7.52.1
  * libsss_nss_idmap0-1.16.1-7.52.1
  * python-sssd-config-debuginfo-1.16.1-7.52.1
  * libsss_idmap0-1.16.1-7.52.1
  * sssd-tools-debuginfo-1.16.1-7.52.1
  * sssd-1.16.1-7.52.1
  * sssd-dbus-1.16.1-7.52.1
  * sssd-common-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-1.16.1-7.52.1
  * sssd-ipa-debuginfo-1.16.1-7.52.1
  * libsss_nss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_simpleifp0-debuginfo-1.16.1-7.52.1
  * sssd-dbus-debuginfo-1.16.1-7.52.1
  * sssd-tools-1.16.1-7.52.1
  * sssd-ad-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-debuginfo-1.16.1-7.52.1
  * sssd-proxy-debuginfo-1.16.1-7.52.1
  * sssd-ldap-debuginfo-1.16.1-7.52.1
  * libipa_hbac0-debuginfo-1.16.1-7.52.1
  * sssd-ipa-1.16.1-7.52.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64)
  * libsss_nss_idmap-devel-1.16.1-7.52.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * sssd-common-32bit-1.16.1-7.52.1
  * sssd-common-debuginfo-32bit-1.16.1-7.52.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * sssd-proxy-1.16.1-7.52.1
  * sssd-krb5-1.16.1-7.52.1
  * sssd-common-1.16.1-7.52.1
  * libsss_simpleifp0-1.16.1-7.52.1
  * libipa_hbac0-1.16.1-7.52.1
  * sssd-debugsource-1.16.1-7.52.1
  * sssd-ad-1.16.1-7.52.1
  * python-sssd-config-1.16.1-7.52.1
  * libsss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-1.16.1-7.52.1
  * sssd-krb5-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-debuginfo-1.16.1-7.52.1
  * sssd-ldap-1.16.1-7.52.1
  * libsss_nss_idmap0-1.16.1-7.52.1
  * python-sssd-config-debuginfo-1.16.1-7.52.1
  * libsss_idmap0-1.16.1-7.52.1
  * sssd-tools-debuginfo-1.16.1-7.52.1
  * sssd-1.16.1-7.52.1
  * sssd-dbus-1.16.1-7.52.1
  * sssd-common-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-1.16.1-7.52.1
  * sssd-ipa-debuginfo-1.16.1-7.52.1
  * libsss_nss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_simpleifp0-debuginfo-1.16.1-7.52.1
  * sssd-dbus-debuginfo-1.16.1-7.52.1
  * sssd-tools-1.16.1-7.52.1
  * sssd-ad-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-debuginfo-1.16.1-7.52.1
  * sssd-proxy-debuginfo-1.16.1-7.52.1
  * sssd-ldap-debuginfo-1.16.1-7.52.1
  * libipa_hbac0-debuginfo-1.16.1-7.52.1
  * sssd-ipa-1.16.1-7.52.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64)
  * libsss_nss_idmap-devel-1.16.1-7.52.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * sssd-common-32bit-1.16.1-7.52.1
  * sssd-common-debuginfo-32bit-1.16.1-7.52.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * sssd-proxy-1.16.1-7.52.1
  * sssd-krb5-1.16.1-7.52.1
  * sssd-common-1.16.1-7.52.1
  * libsss_simpleifp0-1.16.1-7.52.1
  * libipa_hbac0-1.16.1-7.52.1
  * sssd-debugsource-1.16.1-7.52.1
  * sssd-ad-1.16.1-7.52.1
  * python-sssd-config-1.16.1-7.52.1
  * libsss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-1.16.1-7.52.1
  * sssd-krb5-debuginfo-1.16.1-7.52.1
  * libsss_certmap0-debuginfo-1.16.1-7.52.1
  * sssd-ldap-1.16.1-7.52.1
  * libsss_nss_idmap0-1.16.1-7.52.1
  * python-sssd-config-debuginfo-1.16.1-7.52.1
  * libsss_idmap0-1.16.1-7.52.1
  * sssd-tools-debuginfo-1.16.1-7.52.1
  * sssd-1.16.1-7.52.1
  * sssd-dbus-1.16.1-7.52.1
  * sssd-common-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-1.16.1-7.52.1
  * sssd-ipa-debuginfo-1.16.1-7.52.1
  * libsss_nss_idmap0-debuginfo-1.16.1-7.52.1
  * libsss_simpleifp0-debuginfo-1.16.1-7.52.1
  * sssd-dbus-debuginfo-1.16.1-7.52.1
  * sssd-tools-1.16.1-7.52.1
  * sssd-ad-debuginfo-1.16.1-7.52.1
  * sssd-krb5-common-debuginfo-1.16.1-7.52.1
  * sssd-proxy-debuginfo-1.16.1-7.52.1
  * sssd-ldap-debuginfo-1.16.1-7.52.1
  * libipa_hbac0-debuginfo-1.16.1-7.52.1
  * sssd-ipa-1.16.1-7.52.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * sssd-common-32bit-1.16.1-7.52.1
  * sssd-common-debuginfo-32bit-1.16.1-7.52.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1206539
* https://jira.suse.com/browse/PED-3238

From sle-updates at lists.suse.com Tue Apr 4 16:30:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 16:30:01 -0000
Subject: SUSE-RU-2023:1765-1: moderate: Recommended update for rust, rust1.68
Message-ID: <168062580124.24437.12543219698490965067@smelt2.suse.de>

# Recommended update for rust, rust1.68

Announcement ID: SUSE-RU-2023:1765-1
Rating: moderate
References:
Affected Products:
  * Development Tools Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that contains one feature can now be installed.

## Description:

This update for rust, rust1.68 fixes the following issues:

Changes in rust:

* Update to version 1.68.0 - for details see the rust1.68 package

Changes in rust1.68:

* Re-add obsoletes on rust1.62 to prevent file conflicts.

# Version 1.68.0 (2023-03-09)

## Language

* Stabilize default_alloc_error_handler
  This allows usage of `alloc` on stable without requiring the definition of a handler for allocation failure. Defining custom handlers is still unstable.
* Stabilize `efiapi` calling convention.
* Remove implicit promotion for types with drop glue

## Compiler

* Change `bindings_with_variant_name` to deny-by-default
* Allow .. to be parsed as let initializer
* Add `armv7-sony-vita-newlibeabihf` as a tier 3 target
* Always check alignment during compile-time const evaluation
* Disable "split dwarf inlining" by default.
* Add vendor to Fuchsia's target triple
* Enable sanitizers for s390x-linux

## Libraries

* Loosen the bound on the Debug implementation of Weak.
* Make `std::task::Context` !Send and !Sync
* PhantomData layout guarantees
* Don't derive Debug for `OnceWith` & `RepeatWith`
* Implement DerefMut for PathBuf
* Add O(1) `Vec -> VecDeque` conversion guarantee
* Leak amplification for peek_mut() to ensure BinaryHeap's invariant is always met

## Stabilized APIs

* `{core,std}::pin::pin!`
* `impl From<bool> for {f32,f64}`
* `std::path::MAIN_SEPARATOR_STR`
* `impl DerefMut for PathBuf`

These APIs are now stable in const contexts:

* `VecDeque::new`

## Cargo

* Stabilize sparse registry support for crates.io
* `cargo build --verbose` tells you more about why it recompiles.
* Show progress of crates.io index update even `net.git-fetch-with-cli` option enabled

## Misc

## Compatibility Notes

* Add `SEMICOLON_IN_EXPRESSIONS_FROM_MACROS` to future-incompat report
* Only specify `--target` by default for `-Zgcc-ld=lld` on wasm
* Bump `IMPLIED_BOUNDS_ENTAILMENT` to Deny + ReportNow
* `std::task::Context` no longer implements Send and Sync

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1765=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1765=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * rust1.68-debuginfo-1.68.0-150400.9.3.1
  * cargo1.68-1.68.0-150400.9.3.1
  * rust-1.68.0-150400.24.12.1
  * cargo1.68-debuginfo-1.68.0-150400.9.3.1
  * cargo-1.68.0-150400.24.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.68-1.68.0-150400.9.3.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * rust1.68-debuginfo-1.68.0-150400.9.3.1
  * cargo1.68-1.68.0-150400.9.3.1
  * rust-1.68.0-150400.24.12.1
  * cargo1.68-debuginfo-1.68.0-150400.9.3.1
  * cargo-1.68.0-150400.24.12.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.68-1.68.0-150400.9.3.1

## References:

* https://jira.suse.com/browse/SLE-18626

From sle-updates at lists.suse.com Tue Apr 4 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 16:30:03 -0000
Subject: SUSE-SU-2023:1764-1: moderate: Security update for openssl
Message-ID: <168062580345.24437.15786647644444363418@smelt2.suse.de>

# Security update for openssl

Announcement ID: SUSE-SU-2023:1764-1
Rating: moderate
References:
  * #1209624
Cross-References:
  * CVE-2023-0464
CVSS scores:
  * CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  * SUSE Linux Enterprise Server 11 SP4
  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for openssl fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1764=1
  * SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1764=1

## Package List:

  * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64)
    * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.63.1
    * openssl-doc-0.9.8j-0.106.63.1
    * libopenssl0_9_8-32bit-0.9.8j-0.106.63.1
    * libopenssl0_9_8-0.9.8j-0.106.63.1
    * openssl-0.9.8j-0.106.63.1
    * libopenssl0_9_8-hmac-0.9.8j-0.106.63.1
  * SUSE Linux Enterprise Server 11 SP4 (x86_64)
    * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.63.1
    * openssl-doc-0.9.8j-0.106.63.1
    * libopenssl0_9_8-32bit-0.9.8j-0.106.63.1
    * libopenssl0_9_8-0.9.8j-0.106.63.1
    * openssl-0.9.8j-0.106.63.1
    * libopenssl0_9_8-hmac-0.9.8j-0.106.63.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0464.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209624

From sle-updates at lists.suse.com Tue Apr 4 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 16:30:05 -0000
Subject: SUSE-SU-2023:1763-1: moderate: Security update for python-cryptography
Message-ID: <168062580534.24437.9101949606801824501@smelt2.suse.de>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2023:1763-1
Rating: moderate
References:

  * #1208036

Cross-References:

  * CVE-2023-23931

CVSS scores:

  * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Real Time 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

  * CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1763=1
  * SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1763=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1763=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1763=1

## Package List:

  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * python3-cryptography-debuginfo-3.3.2-150200.19.1
    * python-cryptography-debugsource-3.3.2-150200.19.1
    * python-cryptography-debuginfo-3.3.2-150200.19.1
    * python3-cryptography-3.3.2-150200.19.1
  * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    * python3-cryptography-debuginfo-3.3.2-150200.19.1
    * python-cryptography-debugsource-3.3.2-150200.19.1
    * python-cryptography-debuginfo-3.3.2-150200.19.1
    * python3-cryptography-3.3.2-150200.19.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * python3-cryptography-debuginfo-3.3.2-150200.19.1
    * python-cryptography-debugsource-3.3.2-150200.19.1
    * python-cryptography-debuginfo-3.3.2-150200.19.1
    * python3-cryptography-3.3.2-150200.19.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * python3-cryptography-debuginfo-3.3.2-150200.19.1
    * python-cryptography-debugsource-3.3.2-150200.19.1
    * python-cryptography-debuginfo-3.3.2-150200.19.1
    * python3-cryptography-3.3.2-150200.19.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-23931.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208036

From sle-updates at lists.suse.com Tue Apr 4 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 16:30:07 -0000
Subject: SUSE-SU-2023:1762-1: moderate: Security update for wireshark
Message-ID: <168062580731.24437.9978733443295776448@smelt2.suse.de>

# Security update for wireshark

Announcement ID: SUSE-SU-2023:1762-1
Rating: moderate
References:

  * #1208914

Cross-References:

  * CVE-2023-1161

CVSS scores:

  * CVE-2023-1161 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
  * CVE-2023-1161 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:

  * Basesystem Module 15-SP4
  * Desktop Applications Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for wireshark fixes the following issues:

  * CVE-2023-1161: Fixed crash in ISO 15765 and ISO 10681 dissector (bsc#1208914).

Update to 3.6.12:

  * https://www.wireshark.org/docs/relnotes/wireshark-3.6.12.html

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1762=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1762=1
  * Desktop Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1762=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1762=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libwiretap12-debuginfo-3.6.12-150000.3.86.1
    * wireshark-3.6.12-150000.3.86.1
    * libwsutil13-debuginfo-3.6.12-150000.3.86.1
    * wireshark-devel-3.6.12-150000.3.86.1
    * wireshark-ui-qt-debuginfo-3.6.12-150000.3.86.1
    * wireshark-debugsource-3.6.12-150000.3.86.1
    * wireshark-ui-qt-3.6.12-150000.3.86.1
    * libwiretap12-3.6.12-150000.3.86.1
    * wireshark-debuginfo-3.6.12-150000.3.86.1
    * libwireshark15-debuginfo-3.6.12-150000.3.86.1
    * libwsutil13-3.6.12-150000.3.86.1
    * libwireshark15-3.6.12-150000.3.86.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libwiretap12-debuginfo-3.6.12-150000.3.86.1
    * wireshark-3.6.12-150000.3.86.1
    * libwsutil13-debuginfo-3.6.12-150000.3.86.1
    * wireshark-debugsource-3.6.12-150000.3.86.1
    * libwiretap12-3.6.12-150000.3.86.1
    * wireshark-debuginfo-3.6.12-150000.3.86.1
    * libwireshark15-debuginfo-3.6.12-150000.3.86.1
    * libwsutil13-3.6.12-150000.3.86.1
    * libwireshark15-3.6.12-150000.3.86.1
  * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * wireshark-ui-qt-debuginfo-3.6.12-150000.3.86.1
    * wireshark-devel-3.6.12-150000.3.86.1
    * wireshark-debugsource-3.6.12-150000.3.86.1
    * wireshark-ui-qt-3.6.12-150000.3.86.1
    * wireshark-debuginfo-3.6.12-150000.3.86.1
  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * libwiretap12-debuginfo-3.6.12-150000.3.86.1
    * wireshark-3.6.12-150000.3.86.1
    * libwsutil13-debuginfo-3.6.12-150000.3.86.1
    * wireshark-devel-3.6.12-150000.3.86.1
    * wireshark-ui-qt-debuginfo-3.6.12-150000.3.86.1
    * wireshark-debugsource-3.6.12-150000.3.86.1
    * wireshark-ui-qt-3.6.12-150000.3.86.1
    * libwiretap12-3.6.12-150000.3.86.1
    * wireshark-debuginfo-3.6.12-150000.3.86.1
    * libwireshark15-debuginfo-3.6.12-150000.3.86.1
    * libwsutil13-3.6.12-150000.3.86.1
    * libwireshark15-3.6.12-150000.3.86.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1161.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208914

From sle-updates at lists.suse.com Tue Apr 4 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 04 Apr 2023 16:30:09 -0000
Subject: SUSE-SU-2023:1761-1: moderate: Security update for aws-efs-utils.11048
Message-ID: <168062580991.24437.5533073552148217745@smelt2.suse.de>

# Security update for aws-efs-utils.11048

Announcement ID: SUSE-SU-2023:1761-1
Rating: moderate
References:

  * #1206737

Cross-References:

  * CVE-2022-46174

CVSS scores:

  * CVE-2022-46174 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2022-46174 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products:

  * Public Cloud Module 12
  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for aws-efs-utils.11048 fixes the following issues:

  * CVE-2022-46174: Fixed potential tlsport selection collision by using state file as tlsport lock file (bsc#1206737).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-1761=1

## Package List:

  * Public Cloud Module 12 (noarch)
    * aws-efs-utils-1.7-1.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-46174.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1206737

From sle-updates at lists.suse.com Wed Apr 5 07:03:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:03 +0200 (CEST)
Subject: SUSE-CU-2023:942-1: Security update of suse/sles/15.5/cdi-apiserver
Message-ID: <20230405070303.6F77CF36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:942-1
Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.3.16 , suse/sles/15.5/cdi-apiserver:1.55.0.17.187
Container Release : 17.187
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-apiserver was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- containerized-data-importer-api-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:06 +0200 (CEST)
Subject: SUSE-CU-2023:943-1: Security update of suse/sles/15.5/cdi-cloner
Message-ID: <20230405070306.6B9E8F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:943-1
Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.3.16 , suse/sles/15.5/cdi-cloner:1.55.0.17.185
Container Release : 17.185
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-cloner was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- curl-7.79.1-150400.5.18.1 updated
- containerized-data-importer-cloner-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:09 +0200 (CEST)
Subject: SUSE-CU-2023:944-1: Security update of suse/sles/15.5/cdi-controller
Message-ID: <20230405070309.7C9DCF36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:944-1
Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.3.16 , suse/sles/15.5/cdi-controller:1.55.0.17.186
Container Release : 17.186
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-controller was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- containerized-data-importer-controller-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:12 +0200 (CEST)
Subject: SUSE-CU-2023:945-1: Security update of suse/sles/15.5/cdi-importer
Message-ID: <20230405070312.CA854F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:945-1
Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.3.16 , suse/sles/15.5/cdi-importer:1.55.0.17.247
Container Release : 17.247
Severity : important
Type : security
References : 1202853 1203355 1203537 1207183 1207571 1207957 1207975 1208237 1208358 1208471 1209001 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-importer was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:632-1
Released: Mon Mar 6 20:33:59 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1207183,1208237

This update for gnutls fixes the following issues:

- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released: Fri Mar 10 16:04:41 2023
Summary: Recommended update for console-setup
Type: recommended
Severity: moderate
References: 1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:743-1
Released: Wed Mar 15 11:18:23 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1209001

This update for gnutls fixes the following issues:

FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP 800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- curl-7.79.1-150400.5.18.1 updated
- kbd-legacy-2.4.0-150400.5.3.1 updated
- libnettle8-3.8.1-150500.2.20 updated
- qemu-block-curl-7.1.0-150500.47.6 updated
- kbd-2.4.0-150400.5.3.1 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- python3-base-3.6.15-150300.10.45.1 updated
- libhogweed6-3.8.1-150500.2.20 updated
- libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libgnutls30-hmac-3.7.3-150400.4.35.1 updated
- qemu-tools-7.1.0-150500.47.6 updated
- containerized-data-importer-importer-1.55.0-150500.3.16 updated
- libcontainers-common-20230214-150500.2.1 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:15 +0200 (CEST)
Subject: SUSE-CU-2023:946-1: Security update of suse/sles/15.5/cdi-operator
Message-ID: <20230405070315.B3790F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:946-1
Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.3.16 , suse/sles/15.5/cdi-operator:1.55.0.17.186
Container Release : 17.186
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-operator was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- containerized-data-importer-operator-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:21 +0200 (CEST)
Subject: SUSE-CU-2023:948-1: Security update of suse/sles/15.5/cdi-uploadserver
Message-ID: <20230405070321.36D22F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:948-1
Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.3.16 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.244
Container Release : 17.244
Severity : important
Type : security
References : 1203355 1203537 1207183 1207571 1207957 1207975 1208237 1208358 1208471 1209001 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-uploadserver was updated.

The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:632-1
Released: Mon Mar 6 20:33:59 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1207183,1208237

This update for gnutls fixes the following issues:

- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters.
  [bsc#1208237, jsc#PED-1562]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:743-1
Released: Wed Mar 15 11:18:23 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1209001

This update for gnutls fixes the following issues:

FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP 800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released: Wed Mar 22 09:41:01 2023
Summary: Security update for python3
Type: security
Severity: important
References: 1203355,1208471,CVE-2023-24329

This update for python3 fixes the following issues:

- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- curl-7.79.1-150400.5.18.1 updated
- libnettle8-3.8.1-150500.2.20 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- python3-base-3.6.15-150300.10.45.1 updated
- libhogweed6-3.8.1-150500.2.20 updated
- libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libgnutls30-hmac-3.7.3-150400.4.35.1 updated
- qemu-tools-7.1.0-150500.47.6 updated
- containerized-data-importer-uploadserver-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:18 +0200 (CEST)
Subject: SUSE-CU-2023:947-1: Security update of suse/sles/15.5/cdi-uploadproxy
Message-ID: <20230405070318.6B464F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:947-1
Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.3.16 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.186
Container Release : 17.186
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-uploadproxy was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- containerized-data-importer-uploadproxy-1.55.0-150500.3.16 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:25 +0200 (CEST)
Subject: SUSE-CU-2023:949-1: Security update of suse/sles/15.5/virt-api
Message-ID: <20230405070325.DAA7CF36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:949-1
Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.4.19 , suse/sles/15.5/virt-api:0.58.0.17.219
Container Release : 17.219
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-api was updated.

The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- kubevirt-virt-api-0.58.0-150500.4.19 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:28 +0200 (CEST)
Subject: SUSE-CU-2023:950-1: Security update of suse/sles/15.5/virt-controller
Message-ID: <20230405070328.DF403F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:950-1
Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.4.19 , suse/sles/15.5/virt-controller:0.58.0.17.219
Container Release : 17.219
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-controller was updated.

The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libz1-1.2.13-150500.1.16 updated
- libuuid1-2.37.4-150500.7.10 updated
- libsmartcols1-2.37.4-150500.7.10 updated
- libblkid1-2.37.4-150500.7.10 updated
- libgcrypt20-1.9.4-150500.10.14 updated
- libgcrypt20-hmac-1.9.4-150500.10.14 updated
- libfdisk1-2.37.4-150500.7.10 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libopenssl1_1-1.1.1l-150500.13.5 updated
- libopenssl1_1-hmac-1.1.1l-150500.13.5 updated
- libmount1-2.37.4-150500.7.10 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- sles-release-15.5-150500.37.4 updated
- util-linux-2.37.4-150500.7.10 updated
- kubevirt-virt-controller-0.58.0-150500.4.19 updated
- container:sles15-image-15.0.0-34.15 updated

From sle-updates at lists.suse.com Wed Apr 5 07:03:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Apr 2023 09:03:31 +0200 (CEST)
Subject: SUSE-CU-2023:951-1: Security update of suse/sles/15.5/virt-exportproxy
Message-ID: <20230405070331.C96D6F36D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:951-1
Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.4.19 , suse/sles/15.5/virt-exportproxy:0.58.0.1.217
Container Release : 1.217
Severity : moderate
Type : security
References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container suse/sles/15.5/virt-exportproxy was updated.

The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - util-linux-2.37.4-150500.7.10 updated - kubevirt-virt-exportproxy-0.58.0-150500.4.19 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 07:03:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2023 09:03:34 +0200 (CEST) Subject: SUSE-CU-2023:952-1: Security update of suse/sles/15.5/virt-exportserver Message-ID: <20230405070334.8F011F36D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:952-1 Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.19 , suse/sles/15.5/virt-exportserver:0.58.0.1.217 Container Release : 1.217 Severity : moderate Type : security References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - util-linux-2.37.4-150500.7.10 updated - kubevirt-virt-exportserver-0.58.0-150500.4.19 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 07:03:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2023 09:03:37 +0200 (CEST) Subject: SUSE-CU-2023:953-1: Security update of suse/sles/15.5/virt-handler Message-ID: <20230405070337.54DC9F36D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- 
Container Advisory ID : SUSE-CU-2023:953-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.4.19 , suse/sles/15.5/virt-handler:0.58.0.18.278 Container Release : 18.278 Severity : important Type : security References : 1202853 1203355 1203537 1207183 1207571 1207957 1207975 1208237 1208358 1208471 1209001 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:632-1 Released: Mon Mar 6 20:33:59 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1207183,1208237 This update for gnutls fixes the following issues: - FIPS: Fix pct_test() return code in case of error (bsc#1207183) - Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1209001 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 
5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - util-linux-2.37.4-150500.7.10 updated - curl-7.79.1-150400.5.18.1 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - kubevirt-container-disk-0.58.0-150500.4.19 updated - kubevirt-virt-handler-0.58.0-150500.4.19 updated - libnettle8-3.8.1-150500.2.20 updated - kbd-2.4.0-150400.5.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - python3-base-3.6.15-150300.10.45.1 updated - libhogweed6-3.8.1-150500.2.20 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated - libgnutls30-3.7.3-150400.4.35.1 updated - libgnutls30-hmac-3.7.3-150400.4.35.1 updated - 
qemu-tools-7.1.0-150500.47.6 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 07:03:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2023 09:03:40 +0200 (CEST) Subject: SUSE-CU-2023:954-1: Security update of suse/sles/15.5/virt-launcher Message-ID: <20230405070340.43B7EF36D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:954-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.4.19 , suse/sles/15.5/virt-launcher:0.58.0.20.112 Container Release : 20.112 Severity : important Type : security References : 1202853 1203355 1203537 1204425 1206623 1207183 1207571 1207780 1207957 1207975 1208036 1208237 1208358 1208471 1208828 1208881 1208957 1208959 1209001 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-3555 CVE-2022-4899 CVE-2023-0512 CVE-2023-0687 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-23931 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:622-1 Released: Mon Mar 6 11:17:57 2023 Summary: Recommended update for tcl Type: recommended Severity: moderate References: 1206623 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. 
(bsc#1206623) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:632-1 Released: Mon Mar 6 20:33:59 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1207183,1208237 This update for gnutls fixes the following issues: - FIPS: Fix pct_test() return code in case of error (bsc#1207183) - Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:722-1 Released: Tue Mar 14 14:57:15 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1209001 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). 
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 
updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - util-linux-2.37.4-150500.7.10 updated - curl-7.79.1-150400.5.18.1 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - kubevirt-container-disk-0.58.0-150500.4.19 updated - libX11-data-1.6.5-150000.3.27.1 updated - libnettle8-3.8.1-150500.2.20 updated - libslirp0-4.7.0+44-150500.2.1 updated - qemu-accel-tcg-x86-7.1.0-150500.47.6 updated - qemu-ipxe-1.0.0+-150500.47.6 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.6 updated - qemu-sgabios-8-150500.47.6 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.6 updated - vim-data-common-9.0.1386-150000.5.37.1 updated - kbd-2.4.0-150400.5.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-3.6.15-150300.10.45.1 updated - libhogweed6-3.8.1-150500.2.20 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated - qemu-hw-usb-redirect-7.1.0-150500.47.6 updated - tcl-8.6.12-150300.14.9.1 updated - vim-small-9.0.1386-150000.5.37.1 updated - libX11-6-1.6.5-150000.3.27.1 updated - libgnutls30-3.7.3-150400.4.35.1 updated - libgnutls30-hmac-3.7.3-150400.4.35.1 updated - xen-libs-4.17.0_06-150500.1.2 updated - gnutls-3.7.3-150400.4.35.1 updated - qemu-tools-7.1.0-150500.47.6 updated - kubevirt-virt-launcher-0.58.0-150500.4.19 updated - python3-cryptography-3.3.2-150400.16.6.1 updated - qemu-x86-7.1.0-150500.47.6 updated - qemu-7.1.0-150500.47.6 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 07:03:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Apr 2023 09:03:43 +0200 (CEST) Subject: SUSE-CU-2023:955-1: Security update of suse/sles/15.5/libguestfs-tools Message-ID: 
<20230405070343.19EF2F36D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:955-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.4.19 , suse/sles/15.5/libguestfs-tools:0.58.0.17.207 Container Release : 17.207 Severity : important Type : security References : 1178233 1202853 1203248 1203249 1203355 1203537 1203715 1204425 1204548 1204956 1205570 1205636 1206623 1206949 1207183 1207571 1207957 1207975 1208237 1208358 1208471 1208881 1209001 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-3555 CVE-2022-4899 CVE-2023-0687 CVE-2023-24329 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:622-1 Released: Mon Mar 6 11:17:57 2023 Summary: Recommended update for tcl Type: recommended Severity: moderate References: 1206623 This update for tcl fixes the following issues: - Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:632-1 Released: Mon Mar 6 20:33:59 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1207183,1208237 This update for gnutls fixes the following issues: - FIPS: Fix pct_test() return code in case of error (bsc#1207183) - Increase the limit of TLS PSK usernames from 128 to 65535 characters. 
[bsc#1208237, jsc#PED-1562] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:668-1 Released: Wed Mar 8 11:17:33 2023 Summary: Security update for libX11 Type: security Severity: moderate References: 1204425,1208881,CVE-2022-3555 This update for libX11 fixes the following issues: - Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1209001 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. 
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. 
This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. 
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - 
libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - libsolv-tools-0.7.23-150400.3.3.1 updated - libzypp-17.31.8-150400.3.14.1 updated - zypper-1.14.59-150400.3.12.2 updated - util-linux-2.37.4-150500.7.10 updated - curl-7.79.1-150400.5.18.1 updated - btrfsprogs-udev-rules-5.14-150500.8.20 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - libX11-data-1.6.5-150000.3.27.1 updated - libnettle8-3.8.1-150500.2.20 updated - libslirp0-4.7.0+44-150500.2.1 updated - mdadm-4.2-150500.2.7 updated - qemu-accel-tcg-x86-7.1.0-150500.47.6 updated - qemu-ipxe-1.0.0+-150500.47.6 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.6 updated - qemu-sgabios-8-150500.47.6 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.6 updated - zstd-1.5.0-150400.3.3.1 updated - kbd-2.4.0-150400.5.3.1 updated - python3-base-3.6.15-150300.10.45.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - libhogweed6-3.8.1-150500.2.20 updated - btrfsprogs-5.14-150500.8.20 updated - libmpath0-0.9.4+71+suse.c648a77-150500.1.1 updated - tcl-8.6.12-150300.14.9.1 updated - libX11-6-1.6.5-150000.3.27.1 updated - libgnutls30-3.7.3-150400.4.35.1 updated - libgnutls30-hmac-3.7.3-150400.4.35.1 updated - xen-libs-4.17.0_06-150500.1.2 updated - qemu-tools-7.1.0-150500.47.6 updated - supermin-5.2.2-150500.1.2 updated - dracut-mkinitrd-deprecated-055+suse.353.g5603b001-150500.1.5 updated - dracut-055+suse.353.g5603b001-150500.1.5 updated - kernel-kvmsmall-5.14.21-150500.46.4 updated - dracut-fips-055+suse.353.g5603b001-150500.1.5 updated - qemu-x86-7.1.0-150500.47.6 updated - qemu-7.1.0-150500.47.6 updated - libguestfs0-1.48.4-150500.1.10 updated - libguestfs-1.48.4-150500.1.10 updated - libguestfs-devel-1.48.4-150500.1.10 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 07:03:45 2023 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Wed, 5 Apr 2023 09:03:45 +0200 (CEST) Subject: SUSE-CU-2023:956-1: Security update of suse/sles/15.5/virt-operator Message-ID: <20230405070345.BF96DF36D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:956-1 Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.4.19 , suse/sles/15.5/virt-operator:0.58.0.17.219 Container Release : 17.219 Severity : moderate Type : security References : 1203537 1207571 1207957 1207975 1208358 1209209 1209210 1209211 1209212 1209214 1209533 CVE-2022-4899 CVE-2023-0687 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sles/15.5/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libz1-1.2.13-150500.1.16 updated - libuuid1-2.37.4-150500.7.10 updated - libsmartcols1-2.37.4-150500.7.10 updated - libblkid1-2.37.4-150500.7.10 updated - libgcrypt20-1.9.4-150500.10.14 updated - libgcrypt20-hmac-1.9.4-150500.10.14 updated - libfdisk1-2.37.4-150500.7.10 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libopenssl1_1-1.1.1l-150500.13.5 updated - libopenssl1_1-hmac-1.1.1l-150500.13.5 updated - libmount1-2.37.4-150500.7.10 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - sles-release-15.5-150500.37.4 updated - util-linux-2.37.4-150500.7.10 updated - kubevirt-virt-operator-0.58.0-150500.4.19 updated - container:sles15-image-15.0.0-34.15 updated From sle-updates at lists.suse.com Wed Apr 5 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 08:30:01 -0000 Subject: SUSE-SU-2023:1766-1: moderate: Security update for libheif Message-ID: <168068340125.6842.11846104655025067409@smelt2.suse.de> # Security update for libheif Announcement ID: SUSE-SU-2023:1766-1 Rating: moderate References: Affected Products: * Desktop Applications 
Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for libheif fixes the following issues: * CVE-2023-0996: Fixed a buffer overflow in heif_js_decode_image (bsc#1208640). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1766=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1766=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libheif1-1.12.0-150400.3.8.1 * gdk-pixbuf-loader-libheif-1.12.0-150400.3.8.1 * libheif-debugsource-1.12.0-150400.3.8.1 * libheif1-debuginfo-1.12.0-150400.3.8.1 * libheif-devel-1.12.0-150400.3.8.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.8.1 * openSUSE Leap 15.4 (x86_64) * libheif1-32bit-1.12.0-150400.3.8.1 * libheif1-32bit-debuginfo-1.12.0-150400.3.8.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libheif1-1.12.0-150400.3.8.1 * libheif1-debuginfo-1.12.0-150400.3.8.1 * libheif-debugsource-1.12.0-150400.3.8.1
From sle-updates at lists.suse.com Wed Apr 5 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:1775-1: important: Security update for python-Werkzeug Message-ID: <168069780253.8792.10458331859736513699@smelt2.suse.de> # Security update for python-Werkzeug Announcement ID: SUSE-SU-2023:1775-1 Rating: important References: * #1208283 Cross-References: * CVE-2023-25577 CVSS scores: * CVE-2023-25577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Werkzeug fixes the following issues: CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-1775=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-Werkzeug-0.12.2-10.13.1 * python-Werkzeug-0.12.2-10.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25577.html * https://bugzilla.suse.com/show_bug.cgi?id=1208283 From sle-updates at lists.suse.com Wed Apr 5 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 12:30:09 -0000 Subject: SUSE-RU-2023:1774-1: moderate: Recommended update for libcontainers-common Message-ID: <168069780929.8792.13273971070724079783@smelt2.suse.de> # Recommended update for libcontainers-common Announcement ID: SUSE-RU-2023:1774-1 Rating: moderate References: * #1171578 * #1175821 * #1182998 * #1197093 * #1200524 * #1205536 * #1207509 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has seven recommended fixes can now be installed.
## Description: This update for libcontainers-common fixes the following issues: * Add registry.suse.com to the unqualified-search-registries (bsc#1205536) * New upstream release 20230214 * bump c/storage to 1.45.3 * bump c/image to 5.24.1 * bump c/common to 0.51.0 * containers.conf: * add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider * remove deprecated setting containers.userns_size * add youki to engine.runtime_supports_json * shortnames.conf: pull in latest upstream version * storage.conf: add commented out option storage.transient_store * correct license to APACHE-2.0 * Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. (bsc#1207509) * storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. * .spec: rm %post script to set 'btrfs' as storage driver in storage.conf * Remove registry.suse.com from search unqualified-search-registries * add requires on util-linux-systemd for findmnt in profile script * only set storage_driver env when no libpod exists * add container-storage-driver.sh (bsc#1197093) * postinstall script: slight cleanup, no functional change * set detached sigstore attachments for the SUSE controlled registries * Fix obvious typo in containers.conf * Resync containers.conf / storage.conf with Fedora * Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. 
* Use $() again in %post, but with a space for POSIX compliance * Add missing Requires(post): sed (bsc#1200524) * Make %post compatible with dash * Switch registries.conf to v2 format * Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems * Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821) * Update default registry (bsc#1171578) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1774=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1774=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1774=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1774=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1774=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1774=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1774=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * libcontainers-common-20230214-150400.3.5.2 * openSUSE Leap 15.4 (noarch) * libcontainers-common-20230214-150400.3.5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libcontainers-common-20230214-150400.3.5.2 * SUSE Linux Enterprise Micro 5.3 (noarch) * libcontainers-common-20230214-150400.3.5.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libcontainers-common-20230214-150400.3.5.2 * SUSE Linux Enterprise Micro 5.4 (noarch) * libcontainers-common-20230214-150400.3.5.2 * Basesystem Module 15-SP4 (noarch) * libcontainers-common-20230214-150400.3.5.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1171578 * https://bugzilla.suse.com/show_bug.cgi?id=1175821 * 
https://bugzilla.suse.com/show_bug.cgi?id=1182998 * https://bugzilla.suse.com/show_bug.cgi?id=1197093 * https://bugzilla.suse.com/show_bug.cgi?id=1200524 * https://bugzilla.suse.com/show_bug.cgi?id=1205536 * https://bugzilla.suse.com/show_bug.cgi?id=1207509 * https://jira.suse.com/browse/SLE-12122 * https://jira.suse.com/browse/SMO-143 From sle-updates at lists.suse.com Wed Apr 5 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 12:30:12 -0000 Subject: SUSE-SU-2023:1773-1: important: Security update for liblouis Message-ID: <168069781238.8792.4983754602675840004@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1773-1 Rating: important References: * #1209429 * #1209432 Cross-References: * CVE-2023-26767 * CVE-2023-26769 CVSS scores: * CVE-2023-26767 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26767 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26769 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26769 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can
now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). * CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1773=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1773=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1773=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1773=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1773=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1773=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1773=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1773=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1773=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1773=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1773=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblouis19-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 
15-SP2 (aarch64 x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise 
Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Enterprise Storage 7.1 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 * SUSE Enterprise Storage 7 (noarch) * liblouis-data-3.11.0-150200.3.8.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * liblouis-devel-3.11.0-150200.3.8.1 * liblouis-debuginfo-3.11.0-150200.3.8.1 * liblouis19-3.11.0-150200.3.8.1 * python3-louis-3.11.0-150200.3.8.1 * liblouis19-debuginfo-3.11.0-150200.3.8.1 * liblouis-debugsource-3.11.0-150200.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26767.html * https://www.suse.com/security/cve/CVE-2023-26769.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1209429 * https://bugzilla.suse.com/show_bug.cgi?id=1209432 From sle-updates at lists.suse.com Wed Apr 5 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 12:30:15 -0000 Subject: SUSE-SU-2023:1772-1: important: Security update for liblouis Message-ID: <168069781537.8792.8796793828508875859@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1772-1 Rating: important References: * #1209429 * #1209432 Cross-References: * CVE-2023-26767 * CVE-2023-26769 CVSS scores: * CVE-2023-26767 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26767 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26769 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26769 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429). * CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function (bsc#1209432). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1772=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1772=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1772=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1772=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblouis14-3.3.0-150000.4.13.1 * liblouis14-debuginfo-3.3.0-150000.4.13.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * liblouis-debugsource-3.3.0-150000.4.13.1 * liblouis-debuginfo-3.3.0-150000.4.13.1 * python3-louis-3.3.0-150000.4.13.1 * liblouis14-debuginfo-3.3.0-150000.4.13.1 * liblouis14-3.3.0-150000.4.13.1 * liblouis-devel-3.3.0-150000.4.13.1 * liblouis-data-3.3.0-150000.4.13.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * liblouis-debugsource-3.3.0-150000.4.13.1 * liblouis-debuginfo-3.3.0-150000.4.13.1 * python3-louis-3.3.0-150000.4.13.1 * liblouis14-debuginfo-3.3.0-150000.4.13.1 * liblouis14-3.3.0-150000.4.13.1 * liblouis-devel-3.3.0-150000.4.13.1 * liblouis-data-3.3.0-150000.4.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * liblouis-debugsource-3.3.0-150000.4.13.1 * liblouis-debuginfo-3.3.0-150000.4.13.1 * python3-louis-3.3.0-150000.4.13.1 * liblouis14-debuginfo-3.3.0-150000.4.13.1 * liblouis14-3.3.0-150000.4.13.1 * liblouis-devel-3.3.0-150000.4.13.1 * liblouis-data-3.3.0-150000.4.13.1 * SUSE CaaS Platform 4.0 (x86_64) * liblouis-debugsource-3.3.0-150000.4.13.1 * 
liblouis-debuginfo-3.3.0-150000.4.13.1 * python3-louis-3.3.0-150000.4.13.1 * liblouis14-debuginfo-3.3.0-150000.4.13.1 * liblouis14-3.3.0-150000.4.13.1 * liblouis-devel-3.3.0-150000.4.13.1 * liblouis-data-3.3.0-150000.4.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26767.html * https://www.suse.com/security/cve/CVE-2023-26769.html * https://bugzilla.suse.com/show_bug.cgi?id=1209429 * https://bugzilla.suse.com/show_bug.cgi?id=1209432 From sle-updates at lists.suse.com Wed Apr 5 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 05 Apr 2023 12:30:18 -0000 Subject: SUSE-SU-2023:1771-1: important: Security update for liblouis Message-ID: <168069781831.8792.7061021614150797685@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1771-1 Rating: important References: * #1209429 * #1209432 Cross-References: * CVE-2023-26767 * CVE-2023-26769 CVSS scores: * CVE-2023-26767 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26767 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26769 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26769 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function (bsc#1209429).
  * CVE-2023-26769: Fixed buffer overflow vulnerability in resolveSubtable function (bsc#1209432).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1771=1
  * Desktop Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1771=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * liblouis-data-3.20.0-150400.3.8.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * liblouis20-3.20.0-150400.3.8.1
    * liblouis20-debuginfo-3.20.0-150400.3.8.1
    * liblouis-debugsource-3.20.0-150400.3.8.1
    * liblouis-doc-3.20.0-150400.3.8.1
    * liblouis-devel-3.20.0-150400.3.8.1
    * liblouis-tools-3.20.0-150400.3.8.1
    * liblouis-debuginfo-3.20.0-150400.3.8.1
    * liblouis-tools-debuginfo-3.20.0-150400.3.8.1
    * python3-louis-3.20.0-150400.3.8.1
  * Desktop Applications Module 15-SP4 (noarch)
    * liblouis-data-3.20.0-150400.3.8.1
  * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * liblouis20-3.20.0-150400.3.8.1
    * liblouis20-debuginfo-3.20.0-150400.3.8.1
    * liblouis-debugsource-3.20.0-150400.3.8.1
    * liblouis-devel-3.20.0-150400.3.8.1
    * liblouis-debuginfo-3.20.0-150400.3.8.1
    * python3-louis-3.20.0-150400.3.8.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-26767.html
  * https://www.suse.com/security/cve/CVE-2023-26769.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209429
  * https://bugzilla.suse.com/show_bug.cgi?id=1209432

From sle-updates at lists.suse.com Wed Apr 5 12:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 05 Apr 2023 12:30:21 -0000
Subject: SUSE-RU-2023:1770-1: moderate: Recommended update for python-kiwi
Message-ID: <168069782101.8792.6050990538059317885@smelt2.suse.de>

# Recommended update for python-kiwi

Announcement ID: SUSE-RU-2023:1770-1
Rating: moderate
References:

  * #1179562
  * #1207128

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has two recommended fixes can now be installed.

## Description:

This update for python-kiwi fixes the following issues:

  * Constraint development requirements as unit tests were set according to latest versions at a time. Unit tests would require a refactor to make them functional with latest pytest and mock versions.
  * Support hardlinks in builtin boot images it makes use of the same rsync flags that are being used to sync the root-tree into a filesystem image/device. (bsc#1207128)
  * Fixed validation of bool value in dracut module
  * This commit adds a reference to Issue SUSE-Enceladus/azure-li-services#255 and the report in bugzilla. (bsc#1179562)
  * Omit multipath module by default
  * Fixed multipath disk device assignment in kiwi lib
  * Increase overall allowed flake8 complexity level and delete the extra exceptions from code as much as possible
  * Fixed TestContainerImageOCI unit tests

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-1770=1 SUSE-SLE-SERVER-12-SP5-2023-1770=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1770=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1770=1

## Package List:

  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * kiwi-pxeboot-9.20.6-3.28.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * dracut-kiwi-oem-repart-9.20.6-3.28.1
    * dracut-kiwi-lib-9.20.6-3.28.1
    * kiwi-tools-9.20.6-3.28.1
    * dracut-kiwi-overlay-9.20.6-3.28.1
    * dracut-kiwi-live-9.20.6-3.28.1
    * python-kiwi-debugsource-9.20.6-3.28.1
    * python3-kiwi-9.20.6-3.28.1
    * kiwi-man-pages-9.20.6-3.28.1
    * kiwi-tools-debuginfo-9.20.6-3.28.1
    * dracut-kiwi-oem-dump-9.20.6-3.28.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * dracut-kiwi-oem-repart-9.20.6-3.28.1
    * dracut-kiwi-lib-9.20.6-3.28.1
    * kiwi-tools-9.20.6-3.28.1
    * dracut-kiwi-overlay-9.20.6-3.28.1
    * dracut-kiwi-live-9.20.6-3.28.1
    * python-kiwi-debugsource-9.20.6-3.28.1
    * python3-kiwi-9.20.6-3.28.1
    * kiwi-man-pages-9.20.6-3.28.1
    * kiwi-tools-debuginfo-9.20.6-3.28.1
    * dracut-kiwi-oem-dump-9.20.6-3.28.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * dracut-kiwi-oem-repart-9.20.6-3.28.1
    * dracut-kiwi-lib-9.20.6-3.28.1
    * kiwi-tools-9.20.6-3.28.1
    * dracut-kiwi-overlay-9.20.6-3.28.1
    * dracut-kiwi-live-9.20.6-3.28.1
    * python-kiwi-debugsource-9.20.6-3.28.1
    * python3-kiwi-9.20.6-3.28.1
    * kiwi-man-pages-9.20.6-3.28.1
    * kiwi-tools-debuginfo-9.20.6-3.28.1
    * dracut-kiwi-oem-dump-9.20.6-3.28.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1179562
  * https://bugzilla.suse.com/show_bug.cgi?id=1207128

From sle-updates at lists.suse.com Wed Apr 5 12:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 05 Apr 2023 12:30:23 -0000
Subject: SUSE-SU-2023:1769-1: important: Security update for tomcat
Message-ID: <168069782377.8792.12808139333722960109@smelt2.suse.de>

# Security update for tomcat

Announcement ID: SUSE-SU-2023:1769-1
Rating: important
References:

  * #1208513
  * #1209622

Cross-References:

  * CVE-2023-24998
  * CVE-2023-28708

CVSS scores:

  * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-28708 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-28708 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3
  * Web and Scripting Module 15-SP4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for tomcat fixes the following issues:

  * CVE-2023-28708: Fixed information disclosure by not including the secure attribute (bsc#1209622).
  * CVE-2023-24998: Fixed FileUpload denial-of-service with excessive parts (bsc#1208513).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1769=1
  * Web and Scripting Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1769=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1769=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1769=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1769=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1769=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1769=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1769=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1769=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1769=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-1769=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-1769=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * tomcat-docs-webapp-9.0.43-150200.35.1
    * tomcat-javadoc-9.0.43-150200.35.1
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-jsvc-9.0.43-150200.35.1
    * tomcat-embed-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * Web and Scripting Module 15-SP4 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Manager Server 4.2 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1
  * SUSE Enterprise Storage 7 (noarch)
    * tomcat-lib-9.0.43-150200.35.1
    * tomcat-servlet-4_0-api-9.0.43-150200.35.1
    * tomcat-jsp-2_3-api-9.0.43-150200.35.1
    * tomcat-admin-webapps-9.0.43-150200.35.1
    * tomcat-9.0.43-150200.35.1
    * tomcat-webapps-9.0.43-150200.35.1
    * tomcat-el-3_0-api-9.0.43-150200.35.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-24998.html
  * https://www.suse.com/security/cve/CVE-2023-28708.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208513
  * https://bugzilla.suse.com/show_bug.cgi?id=1209622

From sle-updates at lists.suse.com Wed Apr 5 12:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 05 Apr 2023 12:30:24 -0000
Subject: SUSE-SU-2023:1768-1: moderate: Security update for skopeo
Message-ID: <168069782482.8792.13778397748307376847@smelt2.suse.de>

# Security update for skopeo

Announcement ID: SUSE-SU-2023:1768-1
Rating: moderate
References:

Affected Products:

  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for skopeo fixes the following issue:

  * rebuild against the current go1.19 version to make sure bugs and security issues are fixed.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1768=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1768=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1768=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * skopeo-debuginfo-0.1.41-150000.4.14.1
    * skopeo-0.1.41-150000.4.14.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * skopeo-debuginfo-0.1.41-150000.4.14.1
    * skopeo-0.1.41-150000.4.14.1
  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * skopeo-debuginfo-0.1.41-150000.4.14.1
    * skopeo-0.1.41-150000.4.14.1

From sle-updates at lists.suse.com Wed Apr 5 12:30:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 05 Apr 2023 12:30:26 -0000
Subject: SUSE-SU-2023:1767-1: moderate: Security update for python-cryptography
Message-ID: <168069782660.8792.3291873660590040485@smelt2.suse.de>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2023:1767-1
Rating: moderate
References:

  * #1208036

Cross-References:

  * CVE-2023-23931

CVSS scores:

  * CVE-2023-23931 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  * CVE-2023-23931 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

  * CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1767=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1767=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1767=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * python-cryptography-2.8-7.40.1
    * python-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-2.8-7.40.1
    * python-cryptography-debugsource-2.8-7.40.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * python-cryptography-2.8-7.40.1
    * python-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-2.8-7.40.1
    * python-cryptography-debugsource-2.8-7.40.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * python-cryptography-2.8-7.40.1
    * python-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-debuginfo-2.8-7.40.1
    * python3-cryptography-2.8-7.40.1
    * python-cryptography-debugsource-2.8-7.40.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-23931.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208036

From sle-updates at lists.suse.com Wed Apr 5 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 05 Apr 2023 16:30:09 -0000
Subject: SUSE-SU-2023:1776-1: important: Security update for systemd
Message-ID: <168071220975.13066.16136539481380913218@smelt2.suse.de>

# Security update for systemd

Announcement ID: SUSE-SU-2023:1776-1
Rating: important
References:

  * #1191502
  * #1195529
  * #1197244
  * #1198507
  * #1204423
  * #1204968
  * #1205000
  * #1206985
  * #1208958

Cross-References:

  * CVE-2022-3821
  * CVE-2022-4415
  * CVE-2023-26604

CVSS scores:

  * CVE-2022-3821 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-3821 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-4415 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-4415 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2023-26604 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-26604 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE OpenStack Cloud 9
  * SUSE OpenStack Cloud Crowbar 9

An update that solves three vulnerabilities and has six fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

  * CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
  * CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
  * CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

Bug fixes:

  * Restrict cpu rule to x86_64, and also update the rule files to make use of the "CONST{arch}" syntax (bsc#1204423).
  * Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
  * Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
  * Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
  * Fixed 'man' tweak description of auto/noauto (bsc#1191502).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud 9
    zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1776=1
  * SUSE OpenStack Cloud Crowbar 9
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1776=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1776=1
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1776=1
  * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1776=1
  * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1776=1

## Package List:

  * SUSE OpenStack Cloud 9 (x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev-devel-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * libsystemd0-32bit-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * systemd-devel-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE OpenStack Cloud 9 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE OpenStack Cloud Crowbar 9 (x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev-devel-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * libsystemd0-32bit-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * systemd-devel-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE OpenStack Cloud Crowbar 9 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev-devel-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * libudev1-228-150.108.2
    * systemd-devel-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
    * libsystemd0-32bit-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * libsystemd0-32bit-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * systemd-devel-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev-devel-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * libudev1-228-150.108.2
    * systemd-devel-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64)
    * libsystemd0-32bit-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
    * libsystemd0-228-150.108.2
    * systemd-228-150.108.2
    * libudev-devel-228-150.108.2
    * libudev1-debuginfo-228-150.108.2
    * systemd-sysvinit-228-150.108.2
    * libudev1-228-150.108.2
    * systemd-devel-228-150.108.2
    * systemd-debuginfo-228-150.108.2
    * udev-debuginfo-228-150.108.2
    * libsystemd0-debuginfo-228-150.108.2
    * udev-228-150.108.2
    * systemd-debugsource-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
    * systemd-bash-completion-228-150.108.2
  * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64)
    * libsystemd0-32bit-228-150.108.2
    * libudev1-debuginfo-32bit-228-150.108.2
    * systemd-debuginfo-32bit-228-150.108.2
    * libudev1-32bit-228-150.108.2
    * libsystemd0-debuginfo-32bit-228-150.108.2
    * systemd-32bit-228-150.108.2

## References:

  * https://www.suse.com/security/cve/CVE-2022-3821.html
  * https://www.suse.com/security/cve/CVE-2022-4415.html
  * https://www.suse.com/security/cve/CVE-2023-26604.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1191502
  * https://bugzilla.suse.com/show_bug.cgi?id=1195529
  * https://bugzilla.suse.com/show_bug.cgi?id=1197244
  * https://bugzilla.suse.com/show_bug.cgi?id=1198507
  * https://bugzilla.suse.com/show_bug.cgi?id=1204423
  * https://bugzilla.suse.com/show_bug.cgi?id=1204968
  * https://bugzilla.suse.com/show_bug.cgi?id=1205000
  * https://bugzilla.suse.com/show_bug.cgi?id=1206985
  * https://bugzilla.suse.com/show_bug.cgi?id=1208958

From sle-updates at lists.suse.com Thu Apr 6 07:06:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Apr 2023 09:06:14 +0200 (CEST)
Subject: SUSE-CU-2023:963-1: Security update of suse/sles12sp4
Message-ID: <20230406070614.1283CF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:963-1
Container Tags : suse/sles12sp4:26.584 , suse/sles12sp4:latest
Container Release : 26.584
Severity : important
Type : security
References : 1191502 1195529 1197244 1198507 1204423 1204968 1205000 1206985 1208958 CVE-2022-3821 CVE-2022-4415 CVE-2023-26604
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1776-1
Released: Wed Apr 5 15:20:19 2023
Summary: Security update for systemd
Type: security
Severity: important
References: 1191502,1195529,1197244,1198507,1204423,1204968,1205000,1206985,1208958,CVE-2022-3821,CVE-2022-4415,CVE-2023-26604

This update for systemd fixes the following issues:

- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

Bug fixes:

- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
- Fixed 'systemd --user' call pam_loginuid when creating user@.service (bsc#1198507).
- Fixed 'systemd-detect-virt' refine hypervisor detection (bsc#1197244).
- Fixed 'udev' 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529).
- Fixed 'man' tweak description of auto/noauto (bsc#1191502).

The following package changes have been done:

- base-container-licenses-3.0-1.342 updated
- container-suseconnect-2.0.0-1.225 updated
- libsystemd0-228-150.108.2 updated
- libudev1-228-150.108.2 updated

From sle-updates at lists.suse.com Thu Apr 6 07:08:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Apr 2023 09:08:51 +0200 (CEST)
Subject: SUSE-CU-2023:964-1: Security update of suse/sle15
Message-ID: <20230406070851.C02FAF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:964-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.751
Container Release : 6.2.751
Severity : moderate
Type : security
References : 1209624 CVE-2023-0464
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1748-1
Released: Tue Apr 4 09:06:59 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

The following package changes have been done:

- libopenssl1_1-1.1.0i-150100.14.45.1 updated
- openssl-1_1-1.1.0i-150100.14.45.1 updated

From sle-updates at lists.suse.com Thu Apr 6 07:09:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Apr 2023 09:09:37 +0200 (CEST)
Subject: SUSE-CU-2023:965-1: Security update of suse/389-ds
Message-ID: <20230406070937.40AB0F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:965-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.25 , suse/389-ds:latest
Container Release : 20.25
Severity : moderate
Type : security
References : 1209624 CVE-2023-0464
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.31.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated
- openssl-1_1-1.1.1l-150400.7.31.2 updated
- container:sles15-image-15.0.0-27.14.48 updated

From sle-updates at lists.suse.com Thu Apr 6 07:10:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Apr 2023 09:10:21 +0200 (CEST)
Subject: SUSE-CU-2023:966-1: Security update of bci/dotnet-aspnet
Message-ID: <20230406071021.704BFF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:966-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-30.14 , bci/dotnet-aspnet:6.0.15 , bci/dotnet-aspnet:6.0.15-30.14
Container Release : 30.14
Severity : moderate
Type : security
References : 1209624 CVE-2023-0464
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:10:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:10:27 +0200 (CEST) Subject: SUSE-CU-2023:967-1: Security update of bci/dotnet-aspnet Message-ID: <20230406071027.95047F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:967-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.14 , bci/dotnet-aspnet:7.0.4 , bci/dotnet-aspnet:7.0.4-10.14 , bci/dotnet-aspnet:latest Container Release : 10.14 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:11:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:11:18 +0200 (CEST) Subject: SUSE-CU-2023:968-1: Security update of bci/dotnet-sdk Message-ID: <20230406071118.E5802F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:968-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-32.17 , bci/dotnet-sdk:6.0.15 , bci/dotnet-sdk:6.0.15-32.17 Container Release : 32.17 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:11:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:11:26 +0200 (CEST) Subject: SUSE-CU-2023:969-1: Security update of bci/dotnet-sdk Message-ID: <20230406071126.C3909F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:969-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.17 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.17 , bci/dotnet-sdk:latest Container Release : 10.17 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:12:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:12:09 +0200 (CEST) Subject: SUSE-CU-2023:970-1: Security update of bci/dotnet-runtime Message-ID: <20230406071209.42293F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:970-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-29.16 , bci/dotnet-runtime:6.0.15 , bci/dotnet-runtime:6.0.15-29.16 Container Release : 29.16 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:12:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:12:14 +0200 (CEST) Subject: SUSE-CU-2023:971-1: Security update of bci/dotnet-runtime Message-ID: <20230406071214.D2BABF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:971-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.16 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.16 , bci/dotnet-runtime:latest Container Release : 10.16 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:12:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:12:44 +0200 (CEST) Subject: SUSE-CU-2023:972-1: Security update of bci/golang Message-ID: <20230406071244.6FD8BF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:972-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.19 Container Release : 22.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:12:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:12:48 +0200 (CEST) Subject: SUSE-CU-2023:973-1: Security update of bci/golang Message-ID: <20230406071248.5F950F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:973-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.18 , bci/golang:latest Container Release : 2.18 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:13:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:13:29 +0200 (CEST) Subject: SUSE-CU-2023:974-1: Security update of bci/bci-init Message-ID: <20230406071329.7AA73F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:974-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.24 , bci/bci-init:latest Container Release : 26.24 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Thu Apr 6 07:14:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:14:09 +0200 (CEST) Subject: SUSE-CU-2023:975-1: Security update of bci/nodejs Message-ID: <20230406071409.C6F90F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:975-1 Container Tags : bci/node:14 , bci/node:14-37.23 , bci/nodejs:14 , bci/nodejs:14-37.23 Container Release : 37.23 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:14:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:14:42 +0200 (CEST) Subject: SUSE-CU-2023:976-1: Security update of bci/nodejs Message-ID: <20230406071442.6F54EF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:976-1 Container Tags : bci/node:16 , bci/node:16-15.22 , bci/nodejs:16 , bci/nodejs:16-15.22 Container Release : 15.22 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:14:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:14:49 +0200 (CEST) Subject: SUSE-CU-2023:977-1: Security update of bci/nodejs Message-ID: <20230406071449.21FB6F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:977-1 Container Tags : bci/node:18 , bci/node:18-3.21 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.21 , bci/nodejs:latest Container Release : 3.21 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:15:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:15:39 +0200 (CEST) Subject: SUSE-CU-2023:978-1: Security update of bci/openjdk-devel Message-ID: <20230406071539.99B80F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:978-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.41 Container Release : 39.41 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated - container:bci-openjdk-11-15.4.11-35.21 updated From sle-updates at lists.suse.com Thu Apr 6 07:16:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:16:21 +0200 (CEST) Subject: SUSE-CU-2023:979-1: Security update of bci/openjdk Message-ID: <20230406071621.8C232F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:979-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.21 Container Release : 35.21 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:16:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:16:43 +0200 (CEST) Subject: SUSE-CU-2023:980-1: Security update of bci/openjdk-devel Message-ID: <20230406071643.3E060F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:980-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.43 , bci/openjdk-devel:latest Container Release : 14.43 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated - container:bci-openjdk-17-15.4.17-13.22 updated From sle-updates at lists.suse.com Thu Apr 6 07:17:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:17:00 +0200 (CEST) Subject: SUSE-CU-2023:981-1: Security update of bci/openjdk Message-ID: <20230406071700.20A09F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:981-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.22 , bci/openjdk:latest Container Release : 13.22 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:17:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:17:02 +0200 (CEST) Subject: SUSE-CU-2023:982-1: Security update of bci/php-apache Message-ID: <20230406071702.7E044F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:982-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.20 Container Release : 2.20 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 07:17:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 09:17:04 +0200 (CEST) Subject: SUSE-CU-2023:983-1: Security update of bci/php-fpm Message-ID: <20230406071704.B493CF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:983-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.19 Container Release : 2.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:28:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:28:43 +0200 (CEST) Subject: SUSE-CU-2023:984-1: Security update of suse/registry Message-ID: <20230406082843.D0392F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:984-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-6.14 , suse/registry:latest Container Release : 6.14 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:28:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:28:46 +0200 (CEST) Subject: SUSE-CU-2023:983-1: Security update of bci/php-fpm Message-ID: <20230406082846.1CAF7F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:983-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.19 Container Release : 2.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:28:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:28:48 +0200 (CEST) Subject: SUSE-CU-2023:985-1: Security update of bci/php Message-ID: <20230406082848.D2777F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:985-1 Container Tags : bci/php:8 , bci/php:8-2.19 Container Release : 2.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:29:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:29:23 +0200 (CEST) Subject: SUSE-CU-2023:986-1: Security update of bci/python Message-ID: <20230406082923.C7925F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:986-1 Container Tags : bci/python:3 , bci/python:3-12.19 , bci/python:3.10 , bci/python:3.10-12.19 , bci/python:latest Container Release : 12.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:30:01 +0200 (CEST) Subject: SUSE-CU-2023:987-1: Security update of bci/python Message-ID: <20230406083001.14921F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:987-1 Container Tags : bci/python:3 , bci/python:3-35.20 , bci/python:3.6 , bci/python:3.6-35.20 Container Release : 35.20 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 08:30:02 -0000 Subject: SUSE-RU-2023:1785-1: moderate: Recommended update for yast2-installation Message-ID: <168076980259.13947.9840954616424253945@smelt2.suse.de> # Recommended update for yast2-installation Announcement ID: SUSE-RU-2023:1785-1 Rating: moderate References: * #1191160 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one recommended fix can now be installed. ## Description: This update for yast2-installation fixes the following issues: * Fix file copying when using relurl:// and file:// naming schemes (bsc#1191160) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-1785=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1785=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1785=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1785=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1785=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 (noarch) * yast2-installation-4.2.55-150200.3.37.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * yast2-installation-4.2.55-150200.3.37.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * yast2-installation-4.2.55-150200.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * yast2-installation-4.2.55-150200.3.37.1 * SUSE Enterprise Storage 7 (noarch) * yast2-installation-4.2.55-150200.3.37.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191160 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Apr 6 08:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 06 Apr 2023 08:30:04 -0000
Subject: SUSE-RU-2023:1784-1: moderate: Recommended update for python-parallax
Message-ID: <168076980469.13947.13994094795574486408@smelt2.suse.de>

# Recommended update for python-parallax

Announcement ID: SUSE-RU-2023:1784-1
Rating: moderate
References:

* #1208817

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP2
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for python-parallax fixes the following issues:

* Fix command failure when thread is started more than once (bsc#1208817)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1784=1
* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-1784=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-1784=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1784=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python3-parallax-1.0.8-150200.4.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (noarch)
  * python3-parallax-1.0.8-150200.4.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (noarch)
  * python3-parallax-1.0.8-150200.4.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
  * python3-parallax-1.0.8-150200.4.12.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208817

From sle-updates at lists.suse.com Thu Apr 6 08:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 06 Apr 2023 08:30:07 -0000
Subject: SUSE-RU-2023:1783-1: important: Recommended update for python3
Message-ID: <168076980733.13947.16483555781321163179@smelt2.suse.de>

# Recommended update for python3

Announcement ID: SUSE-RU-2023:1783-1
Rating: important
References:

* #1203355

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that has one recommended fix can now be installed.

## Description:

This update for python3 fixes the following issues:

* Fix unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1783=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1783=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1783=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1783=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1783=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1783=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1783=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1783=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-testsuite-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * 
python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-testsuite-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * 
python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-testsuite-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * 
python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE CaaS Platform 4.0 (x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-devel-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-tk-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-tk-debuginfo-3.6.15-150000.3.127.1 * python3-curses-3.6.15-150000.3.127.1 * python3-devel-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * python3-idle-3.6.15-150000.3.127.1 * python3-testsuite-3.6.15-150000.3.127.1 * python3-dbm-debuginfo-3.6.15-150000.3.127.1 * python3-curses-debuginfo-3.6.15-150000.3.127.1 * python3-dbm-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 * python3-tools-3.6.15-150000.3.127.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150000.3.127.1 * python3-3.6.15-150000.3.127.1 * python3-debugsource-3.6.15-150000.3.127.1 * python3-base-3.6.15-150000.3.127.1 * python3-base-debuginfo-3.6.15-150000.3.127.1 * libpython3_6m1_0-3.6.15-150000.3.127.1 * python3-core-debugsource-3.6.15-150000.3.127.1 * python3-debuginfo-3.6.15-150000.3.127.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203355 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Apr 6 08:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 06 Apr 2023 08:30:09 -0000
Subject: SUSE-RU-2023:1782-1: important: Recommended update for python3
Message-ID: <168076980998.13947.15797911502856658984@smelt2.suse.de>

# Recommended update for python3

Announcement ID: SUSE-RU-2023:1782-1
Rating: important
References:

* #1203355

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9
* Web and Scripting Module 12

An update that has one recommended fix can now be installed.

## Description:

This update for python3 fixes the following issues:

* Fix unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1782=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1782=1 * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-1782=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1782=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1782=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1782=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1782=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1782=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1782=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1782=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1782=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * python3-devel-debuginfo-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * python3-devel-debuginfo-3.4.10-25.111.1 * 
libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * python3-devel-debuginfo-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-dbm-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * python3-dbm-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * 
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * python3-devel-debuginfo-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.111.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-tk-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-tk-debuginfo-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * python3-base-debuginfo-32bit-3.4.10-25.111.1 * python3-devel-debuginfo-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.111.1 * libpython3_4m1_0-32bit-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 
SP5 (aarch64 ppc64le s390x x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-tk-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-tk-debuginfo-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.111.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * python3-base-debuginfo-32bit-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.111.1 * libpython3_4m1_0-32bit-3.4.10-25.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python3-base-debuginfo-3.4.10-25.111.1 * python3-base-3.4.10-25.111.1 * python3-3.4.10-25.111.1 * libpython3_4m1_0-3.4.10-25.111.1 * python3-tk-3.4.10-25.111.1 * python3-debuginfo-3.4.10-25.111.1 * python3-base-debugsource-3.4.10-25.111.1 * python3-devel-debuginfo-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-3.4.10-25.111.1 * python3-curses-3.4.10-25.111.1 * python3-tk-debuginfo-3.4.10-25.111.1 * python3-debugsource-3.4.10-25.111.1 * python3-curses-debuginfo-3.4.10-25.111.1 * python3-devel-3.4.10-25.111.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * python3-base-debuginfo-32bit-3.4.10-25.111.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.111.1 * libpython3_4m1_0-32bit-3.4.10-25.111.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203355 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Apr 6 08:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 06 Apr 2023 08:30:15 -0000
Subject: SUSE-RU-2023:1780-1: important: Recommended update for python36
Message-ID: <168076981518.13947.2359427585198955357@smelt2.suse.de>

# Recommended update for python36

Announcement ID: SUSE-RU-2023:1780-1
Rating: important
References:

* #1203355

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that has one recommended fix can now be installed.

## Description:

This update for python36 fixes the following issues:

* Fix unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1780=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1780=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1780=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1780=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python36-devel-3.6.15-43.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * python36-debugsource-3.6.15-43.1
  * python36-base-debuginfo-3.6.15-43.1
  * libpython3_6m1_0-debuginfo-3.6.15-43.1
  * python36-3.6.15-43.1
  * libpython3_6m1_0-3.6.15-43.1
  * python36-debuginfo-3.6.15-43.1
  * python36-base-3.6.15-43.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-43.1
  * libpython3_6m1_0-32bit-3.6.15-43.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * python36-debugsource-3.6.15-43.1
  * python36-base-debuginfo-3.6.15-43.1
  * libpython3_6m1_0-debuginfo-3.6.15-43.1
  * python36-3.6.15-43.1
  * libpython3_6m1_0-3.6.15-43.1
  * python36-debuginfo-3.6.15-43.1
  * python36-base-3.6.15-43.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-43.1
  * libpython3_6m1_0-32bit-3.6.15-43.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * python36-debugsource-3.6.15-43.1
  * python36-base-debuginfo-3.6.15-43.1
  * libpython3_6m1_0-debuginfo-3.6.15-43.1
  * python36-3.6.15-43.1
  * libpython3_6m1_0-3.6.15-43.1
  * python36-debuginfo-3.6.15-43.1
  * python36-base-3.6.15-43.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-43.1
  * libpython3_6m1_0-32bit-3.6.15-43.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203355

From sle-updates at lists.suse.com Thu Apr 6 08:30:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 06 Apr 2023 08:30:18 -0000
Subject: SUSE-RU-2023:1779-1: moderate: Recommended update for systemd
Message-ID: <168076981851.13947.7592839085302375352@smelt2.suse.de>

# Recommended update for systemd

Announcement ID: SUSE-RU-2023:1779-1
Rating: moderate
References:

* #1208432

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for systemd fixes the following issues:

* Fix return non-zero value when disabling SysVinit service (bsc#1208432)
* Drop build requirement on libpci, it's no longer needed
* Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1779=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1779=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1779=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1779=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1779=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1779=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1779=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-journal-remote-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * systemd-journal-remote-249.16-150400.8.25.7 * systemd-experimental-debuginfo-249.16-150400.8.25.7 * systemd-network-debuginfo-249.16-150400.8.25.7 * systemd-coredump-249.16-150400.8.25.7 * systemd-experimental-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-coredump-debuginfo-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * nss-myhostname-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * 
systemd-devel-249.16-150400.8.25.7 * nss-systemd-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * systemd-portable-debuginfo-249.16-150400.8.25.7 * nss-systemd-249.16-150400.8.25.7 * systemd-network-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * systemd-testsuite-debuginfo-249.16-150400.8.25.7 * nss-myhostname-debuginfo-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * systemd-testsuite-249.16-150400.8.25.7 * systemd-portable-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-doc-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * openSUSE Leap 15.4 (x86_64) * systemd-32bit-249.16-150400.8.25.7 * libsystemd0-32bit-249.16-150400.8.25.7 * libudev1-32bit-249.16-150400.8.25.7 * systemd-32bit-debuginfo-249.16-150400.8.25.7 * nss-myhostname-32bit-249.16-150400.8.25.7 * libsystemd0-32bit-debuginfo-249.16-150400.8.25.7 * libudev1-32bit-debuginfo-249.16-150400.8.25.7 * nss-myhostname-32bit-debuginfo-249.16-150400.8.25.7 * openSUSE Leap 15.4 (noarch) * systemd-lang-249.16-150400.8.25.7 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-journal-remote-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-journal-remote-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * 
systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-journal-remote-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * systemd-journal-remote-debuginfo-249.16-150400.8.25.7 * systemd-journal-remote-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * libudev1-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * systemd-coredump-debuginfo-249.16-150400.8.25.7 * udev-debuginfo-249.16-150400.8.25.7 * systemd-container-debuginfo-249.16-150400.8.25.7 * systemd-sysvinit-249.16-150400.8.25.7 * systemd-debugsource-249.16-150400.8.25.7 * libudev1-debuginfo-249.16-150400.8.25.7 * udev-249.16-150400.8.25.7 * 
libudev1-249.16-150400.8.25.7 * systemd-devel-249.16-150400.8.25.7 * systemd-coredump-249.16-150400.8.25.7 * libsystemd0-249.16-150400.8.25.7 * systemd-container-249.16-150400.8.25.7 * systemd-249.16-150400.8.25.7 * systemd-doc-249.16-150400.8.25.7 * libsystemd0-debuginfo-249.16-150400.8.25.7 * systemd-debuginfo-249.16-150400.8.25.7 * Basesystem Module 15-SP4 (noarch) * systemd-lang-249.16-150400.8.25.7 * Basesystem Module 15-SP4 (x86_64) * systemd-32bit-249.16-150400.8.25.7 * libsystemd0-32bit-249.16-150400.8.25.7 * libudev1-32bit-249.16-150400.8.25.7 * systemd-32bit-debuginfo-249.16-150400.8.25.7 * libsystemd0-32bit-debuginfo-249.16-150400.8.25.7 * libudev1-32bit-debuginfo-249.16-150400.8.25.7 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208432
From sle-updates at lists.suse.com Thu Apr 6 08:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:30:41 +0200 (CEST) Subject: SUSE-CU-2023:988-1: Security update of bci/ruby Message-ID: <20230406083041.141BFF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:988-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.19 , bci/ruby:2.5 , bci/ruby:2.5-34.19 , bci/ruby:latest Container Release : 34.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/ruby was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:30:52 +0200 (CEST) Subject: SUSE-CU-2023:989-1: Security update of bci/rust Message-ID: <20230406083052.4D071F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:989-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-4.19 Container Release : 4.19 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:30:58 +0200 (CEST) Subject: SUSE-CU-2023:990-1: Security update of bci/rust Message-ID: <20230406083058.3CF6BF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:990-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-3.18 , bci/rust:latest Container Release : 3.18 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:31:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:31:27 +0200 (CEST) Subject: SUSE-CU-2023:991-1: Security update of suse/sle15 Message-ID: <20230406083127.43115F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:991-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.48 , suse/sle15:15.4 , suse/sle15:15.4.27.14.48 Container Release : 27.14.48 Severity : moderate Type : security References : 1209624 CVE-2023-0464 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - libopenssl1_1-1.1.1l-150400.7.31.2 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated From sle-updates at lists.suse.com Thu Apr 6 08:31:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:31:54 +0200 (CEST) Subject: SUSE-CU-2023:992-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230406083154.35FCDF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:992-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.369 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.369 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.20.1 updated From sle-updates at lists.suse.com Thu Apr 6 08:33:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Apr 2023 10:33:10 +0200 (CEST) Subject: SUSE-CU-2023:994-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230406083310.8A1D6F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:994-1 
Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.191 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.191 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.20.1 updated From sle-updates at lists.suse.com Thu Apr 6 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:04 -0000 Subject: SUSE-SU-2023:1792-1: important: Security update for go1.19 Message-ID: <168079860407.26658.18202744565062854717@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:1792-1 Rating: important References: * #1200441 * #1210127 * #1210128 * #1210129 * #1210130 Cross-References: * CVE-2023-24534 * CVE-2023-24536 * CVE-2023-24537 * CVE-2023-24538 CVSS scores: * CVE-2023-24534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24537 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24538 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for go1.19 fixes the following issues:

Update to 1.19.8

* CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127)
* CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128)
* CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129)
* CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130)
* cmd/go: timeout on darwin-amd64-race builder
* runtime/pprof: TestLabelSystemstack due to sample with no location
* internal/testpty: fails on some Linux machines due to incorrect error handling
* cmd/link: linker fails on linux/amd64 when gcc's lto options are used
* cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation
* time: time zone lookup using extend string makes wrong start time for non-DST zones
* runtime: crash on linux-ppc64le

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1792=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1792=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1792=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1792=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1792=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1792=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1792=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1792=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.19-race-1.19.8-150000.1.26.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.19-race-1.19.8-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * go1.19-race-1.19.8-150000.1.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * go1.19-race-1.19.8-150000.1.26.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * go1.19-race-1.19.8-150000.1.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * SUSE Linux 
Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * go1.19-race-1.19.8-150000.1.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * go1.19-race-1.19.8-150000.1.26.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * go1.19-doc-1.19.8-150000.1.26.1 * go1.19-1.19.8-150000.1.26.1 * go1.19-race-1.19.8-150000.1.26.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24534.html * https://www.suse.com/security/cve/CVE-2023-24536.html * https://www.suse.com/security/cve/CVE-2023-24537.html * https://www.suse.com/security/cve/CVE-2023-24538.html * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1210127 * https://bugzilla.suse.com/show_bug.cgi?id=1210128 * https://bugzilla.suse.com/show_bug.cgi?id=1210129 * https://bugzilla.suse.com/show_bug.cgi?id=1210130
From sle-updates at lists.suse.com Thu Apr 6 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:08 -0000 Subject: SUSE-SU-2023:1791-1: important: Security update for go1.20 Message-ID: <168079860819.26658.9459157104892999257@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:1791-1 Rating: important References: * #1206346 * #1210127 * #1210128 * #1210129 * #1210130 Cross-References: * CVE-2023-24534 * CVE-2023-24536 * CVE-2023-24537 * CVE-2023-24538 CVSS scores: * CVE-2023-24534 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24536 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24537 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-24538 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities, contains one feature and has one fix can now be installed.
## Description:

This update for go1.20 fixes the following issues:

Update to version 1.20.3:

* CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127)
* CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128)
* CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129)
* CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130)
* x/text: building as a plugin failure on darwin/arm64
* cmd/go: timeout on darwin-amd64-race builder
* internal/testpty: fails on some Linux machines due to incorrect error handling
* cmd/link: Incorrect symbol linked in darwin/arm64
* cmd/link: linker fails on linux/amd64 when gcc's lto options are used
* cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation
* time: time zone lookup using extend string makes wrong start time for non-DST zones
* runtime: crash on linux-ppc64le
* cmd/compile: crypto/elliptic build error under -linkshared mode
* cmd/compile: unsafe.SliceData incoherent result with nil argument

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1791=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1791=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * go1.20-1.20.3-150000.1.8.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-doc-1.20.3-150000.1.8.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.20-race-1.20.3-150000.1.8.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.3-150000.1.8.1 * go1.20-doc-1.20.3-150000.1.8.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.3-150000.1.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24534.html * https://www.suse.com/security/cve/CVE-2023-24536.html * https://www.suse.com/security/cve/CVE-2023-24537.html * https://www.suse.com/security/cve/CVE-2023-24538.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1210127 * https://bugzilla.suse.com/show_bug.cgi?id=1210128 * https://bugzilla.suse.com/show_bug.cgi?id=1210129 * https://bugzilla.suse.com/show_bug.cgi?id=1210130 * https://jira.suse.com/browse/PED-1962
From sle-updates at lists.suse.com Thu Apr 6 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:12 -0000 Subject: SUSE-SU-2023:1790-1: moderate: Security update for openssl-1_1 Message-ID: <168079861201.26658.5358536634475172131@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:1790-1 Rating: moderate References: * #1209624 * #1209873 * #1209878 Cross-References: * CVE-2023-0464 * CVE-2023-0465 * CVE-2023-0466 CVSS scores: * CVE-2023-0464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-0464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves three vulnerabilities can now be installed.
## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
* CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
* CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1790=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1790=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1790=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1790=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1790=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1790=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1790=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1790=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1790=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1790=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1790=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1790=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1790=1 * 
SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1790=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1790=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1790=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * 
openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux 
Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Manager Proxy 4.2 (x86_64) * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * 
openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Manager Server 4.2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.62.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.62.1 * 
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Enterprise Storage 7 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.62.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-hmac-1.1.1d-150200.11.62.1 * openssl-1_1-debugsource-1.1.1d-150200.11.62.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.62.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.62.1 * libopenssl-1_1-devel-1.1.1d-150200.11.62.1 * openssl-1_1-1.1.1d-150200.11.62.1 * libopenssl1_1-1.1.1d-150200.11.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0464.html * https://www.suse.com/security/cve/CVE-2023-0465.html * https://www.suse.com/security/cve/CVE-2023-0466.html * https://bugzilla.suse.com/show_bug.cgi?id=1209624 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209873 * https://bugzilla.suse.com/show_bug.cgi?id=1209878 From sle-updates at lists.suse.com Thu Apr 6 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:14 -0000 Subject: SUSE-SU-2023:1789-1: moderate: Security update for conmon Message-ID: <168079861445.26658.6715081928488163330@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:1789-1 Rating: moderate References: * #1209307 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that has one fix can now be installed. ## Description: This update for conmon fixes the following issues: * rebuild against supported go 1.19 (bsc#1209307) * no functional changes. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1789=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1789=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1789=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1789=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1789=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1789=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1789=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1789=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.9.1 * conmon-debuginfo-2.1.5-150300.8.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * conmon-2.1.5-150300.8.9.1 * 
conmon-debuginfo-2.1.5-150300.8.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209307 From sle-updates at lists.suse.com Thu Apr 6 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:16 -0000 Subject: SUSE-SU-2023:1788-1: moderate: Security update for libgit2 Message-ID: <168079861687.26658.14614149629565133082@smelt2.suse.de> # Security update for libgit2 Announcement ID: SUSE-SU-2023:1788-1 Rating: moderate References: * #1207364 Cross-References: * CVE-2023-22742 CVSS scores: * CVE-2023-22742 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-22742 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libgit2 fixes the following issues: * CVE-2023-22742: Verify ssh remote host keys (bsc#1207364) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1788=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1788=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libgit2-1_3-1.3.0-150400.3.6.1 * libgit2-devel-1.3.0-150400.3.6.1 * libgit2-1_3-debuginfo-1.3.0-150400.3.6.1 * libgit2-debugsource-1.3.0-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libgit2-1_3-32bit-1.3.0-150400.3.6.1 * libgit2-1_3-32bit-debuginfo-1.3.0-150400.3.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgit2-1_3-1.3.0-150400.3.6.1 * libgit2-devel-1.3.0-150400.3.6.1 * libgit2-1_3-debuginfo-1.3.0-150400.3.6.1 * libgit2-debugsource-1.3.0-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-22742.html * https://bugzilla.suse.com/show_bug.cgi?id=1207364 From sle-updates at lists.suse.com Thu Apr 6 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:19 -0000 Subject: SUSE-RU-2023:1787-1: low: Recommended update for open-vm-tools Message-ID: <168079861908.26658.5151741198115793459@smelt2.suse.de> # Recommended update for open-vm-tools Announcement ID: SUSE-RU-2023:1787-1 Rating: low References: * #1208880 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for open-vm-tools fixes the following issue: * Ship missing open-vm-tools-salt-minion package. (bsc#1208880) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1787=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1787=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1787=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.1.0-4.47.5 * open-vm-tools-sdmp-12.1.0-4.47.5 * open-vm-tools-sdmp-debuginfo-12.1.0-4.47.5 * open-vm-tools-debugsource-12.1.0-4.47.5 * libvmtools0-12.1.0-4.47.5 * open-vm-tools-12.1.0-4.47.5 * open-vm-tools-desktop-12.1.0-4.47.5 * libvmtools0-debuginfo-12.1.0-4.47.5 * open-vm-tools-debuginfo-12.1.0-4.47.5 * open-vm-tools-desktop-debuginfo-12.1.0-4.47.5 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.1.0-4.47.5 * open-vm-tools-sdmp-12.1.0-4.47.5 * open-vm-tools-sdmp-debuginfo-12.1.0-4.47.5 * open-vm-tools-debugsource-12.1.0-4.47.5 * libvmtools0-12.1.0-4.47.5 * open-vm-tools-12.1.0-4.47.5 * open-vm-tools-desktop-12.1.0-4.47.5 * libvmtools0-debuginfo-12.1.0-4.47.5 * open-vm-tools-debuginfo-12.1.0-4.47.5 * open-vm-tools-desktop-debuginfo-12.1.0-4.47.5 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * open-vm-tools-salt-minion-12.1.0-4.47.5 * open-vm-tools-sdmp-12.1.0-4.47.5 * open-vm-tools-sdmp-debuginfo-12.1.0-4.47.5 * open-vm-tools-debugsource-12.1.0-4.47.5 * libvmtools0-12.1.0-4.47.5 * open-vm-tools-12.1.0-4.47.5 * open-vm-tools-desktop-12.1.0-4.47.5 * libvmtools0-debuginfo-12.1.0-4.47.5 * open-vm-tools-debuginfo-12.1.0-4.47.5 * open-vm-tools-desktop-debuginfo-12.1.0-4.47.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208880 * https://jira.suse.com/browse/MSC-590
From sle-updates at lists.suse.com Thu Apr 6 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 06 Apr 2023 16:30:26 -0000 Subject: SUSE-RU-2023:1786-1: moderate: Recommended update for libcontainers-common Message-ID: <168079862622.26658.1104636177211457204@smelt2.suse.de> # Recommended update for libcontainers-common Announcement ID: SUSE-RU-2023:1786-1 Rating: moderate References: * #1171578 * #1175821 * #1182998 * #1197093 * #1200524 * #1205536 * #1207509 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that contains two features and has seven recommended fixes can now be installed.
## Description: This update for libcontainers-common fixes the following issues: * Add registry.suse.com to the unqualified-search-registries (bsc#1205536) * New upstream release 20230214 * bump c/storage to 1.45.3 * bump c/image to 5.24.1 * bump c/common to 0.51.0 * containers.conf: * add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider * remove deprecated setting containers.userns_size * add youki to engine.runtime_supports_json * shortnames.conf: pull in latest upstream version * storage.conf: add commented out option storage.transient_store * correct license to APACHE-2.0 * Changes introduced to c/storage's storage.conf which adds a driver_priority attribute would break consumers of libcontainer-common as long as those packages are vendoring an older c/storage version. (bsc#1207509) * storage.conf: Unset 'driver' and set 'driver_priority' to allow podman to use 'btrfs' if available and fallback to 'overlay' if not. * .spec: rm %post script to set 'btrfs' as storage driver in storage.conf * Remove registry.suse.com from search unqualified-search-registries * add requires on util-linux-systemd for findmnt in profile script * only set storage_driver env when no libpod exists * add container-storage-driver.sh (bsc#1197093) * postinstall script: slight cleanup, no functional change * set detached sigstore attachments for the SUSE controlled registries * Fix obvious typo in containers.conf * Resync containers.conf / storage.conf with Fedora * Create /etc/containers/registries.conf.d and add 000-shortnames.conf to it. 
* Use $() again in %post, but with a space for POSIX compliance * Add missing Requires(post): sed (bsc#1200524) * Make %post compatible with dash * Switch registries.conf to v2 format * Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems * Require util-linux-systemd for %post scripts (bsc#1182998, jsc#SLE-12122, bsc#1175821) * Update default registry (bsc#1171578) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1786=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1786=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1786=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1786=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1786=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1786=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1786=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1786=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1786=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1786=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1786=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1786=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) *
libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Manager Proxy 4.2 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Manager Server 4.2 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Enterprise Storage 7.1 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Micro 5.1 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Micro 5.2 (noarch) * libcontainers-common-20230214-150300.8.8.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libcontainers-common-20230214-150300.8.8.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1171578 * https://bugzilla.suse.com/show_bug.cgi?id=1175821 * https://bugzilla.suse.com/show_bug.cgi?id=1182998 * https://bugzilla.suse.com/show_bug.cgi?id=1197093 * https://bugzilla.suse.com/show_bug.cgi?id=1200524 * https://bugzilla.suse.com/show_bug.cgi?id=1205536 * https://bugzilla.suse.com/show_bug.cgi?id=1207509 * https://jira.suse.com/browse/SLE-12122 * https://jira.suse.com/browse/SMO-143
From sle-updates at lists.suse.com Fri Apr 7 07:03:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:03:40 +0200 (CEST) Subject: SUSE-CU-2023:996-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230407070340.7A387F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:996-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.105 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.105 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - systemd-249.16-150400.8.25.7 updated From sle-updates at lists.suse.com Fri Apr 7 07:03:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:03:57 +0200 (CEST) Subject: SUSE-CU-2023:998-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230407070357.2F1FAF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:998-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.2 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.2 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - systemd-249.16-150400.8.25.7 updated From sle-updates at lists.suse.com Fri Apr 7 07:06:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:06:11 +0200 (CEST) Subject: SUSE-CU-2023:999-1: Security update of suse/sle15 Message-ID: <20230407070611.B1820F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:999-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.281 Container Release : 9.5.281 Severity : moderate Type : security References : 1209624 1209873 1209878 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated From sle-updates at lists.suse.com Fri Apr 7 07:07:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:07:39 +0200 (CEST) Subject: SUSE-CU-2023:1000-1: Security update of suse/sle15 Message-ID: <20230407070739.ECB74F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1000-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.120 , suse/sle15:15.3 , suse/sle15:15.3.17.20.120 Container Release : 17.20.120 Severity : moderate Type : security References : 1209624 1209873 1209878 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated From sle-updates at lists.suse.com Fri Apr 7 07:08:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:08:19 +0200 (CEST) Subject: SUSE-CU-2023:1001-1: Recommended update of suse/389-ds Message-ID: <20230407070819.BA906F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1001-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.27 , suse/389-ds:latest Container Release : 20.27 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/389-ds was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.49 updated From sle-updates at lists.suse.com Fri Apr 7 07:09:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:09:01 +0200 (CEST) Subject: SUSE-CU-2023:1002-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230407070901.5ECD9F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1002-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-30.15 , bci/dotnet-aspnet:6.0.15 , bci/dotnet-aspnet:6.0.15-30.15 Container Release : 30.15 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:09:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:09:07 +0200 (CEST) Subject: SUSE-CU-2023:1003-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230407070908.005A2F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1003-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.15 , bci/dotnet-aspnet:7.0.4 , bci/dotnet-aspnet:7.0.4-10.15 , bci/dotnet-aspnet:latest Container Release : 10.15 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:09:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:09:57 +0200 (CEST) Subject: SUSE-CU-2023:1004-1: Recommended update of bci/dotnet-sdk Message-ID: <20230407070957.8EB0AF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1004-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-32.18 , bci/dotnet-sdk:6.0.15 , bci/dotnet-sdk:6.0.15-32.18 Container Release : 32.18 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:10:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:10:05 +0200 (CEST) Subject: SUSE-CU-2023:1005-1: Recommended update of bci/dotnet-sdk Message-ID: <20230407071005.920DCF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1005-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.18 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.18 , bci/dotnet-sdk:latest Container Release : 10.18 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:10:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:10:48 +0200 (CEST) Subject: SUSE-CU-2023:1006-1: Recommended update of bci/dotnet-runtime Message-ID: <20230407071048.AAEFCF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1006-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-29.17 , bci/dotnet-runtime:6.0.15 , bci/dotnet-runtime:6.0.15-29.17 Container Release : 29.17 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:10:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:10:54 +0200 (CEST) Subject: SUSE-CU-2023:1007-1: Recommended update of bci/dotnet-runtime Message-ID: <20230407071054.659F6F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1007-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.17 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.17 , bci/dotnet-runtime:latest Container Release : 10.17 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:11:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:11:22 +0200 (CEST) Subject: SUSE-CU-2023:1008-1: Security update of bci/golang Message-ID: <20230407071122.8CA77F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1008-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.21 Container Release : 22.21 Severity : important Type : security References : 1200441 1208432 1210127 1210128 1210129 1210130 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 ----------------------------------------------------------------- The container bci/golang was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1792-1 Released: Thu Apr 6 15:37:55 2023 Summary: Security update for go1.19 Type: security Severity: important References: 1200441,1210127,1210128,1210129,1210130,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 This update for go1.19 fixes the following issues: Update to 1.19.8 * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127) * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128) * CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129) * CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130) * cmd/go: timeout on darwin-amd64-race builder * runtime/pprof: TestLabelSystemstack due to sample with no location * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: linker fails on linux/amd64 when gcc's lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non-DST zones * runtime: crash on linux-ppc64le The following package changes have been done: - libudev1-249.16-150400.8.25.7 
updated - libsystemd0-249.16-150400.8.25.7 updated - go1.19-1.19.8-150000.1.26.1 updated - container:sles15-image-15.0.0-27.14.49 updated From sle-updates at lists.suse.com Fri Apr 7 07:11:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:11:27 +0200 (CEST) Subject: SUSE-CU-2023:1009-1: Security update of bci/golang Message-ID: <20230407071127.15588F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1009-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.21 , bci/golang:latest Container Release : 2.21 Severity : important Type : security References : 1206346 1208432 1210127 1210128 1210129 1210130 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1791-1 Released: Thu Apr 6 15:37:30 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1210127,1210128,1210129,1210130,CVE-2023-24534,CVE-2023-24536,CVE-2023-24537,CVE-2023-24538 This update for go1.20 fixes the following issues: Update to version 1.20.3: * CVE-2023-24534: security: net/http, 
net/textproto: denial of service from excessive memory allocation (bsc#1210127) * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128) * CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129) * CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130) * x/text: building as a plugin failure on darwin/arm64 * cmd/go: timeout on darwin-amd64-race builder * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: Incorrect symbol linked in darwin/arm64 * cmd/link: linker fails on linux/amd64 when gcc's lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non-DST zones * runtime: crash on linux-ppc64le * cmd/compile: crypto/elliptic build error under -linkshared mode * cmd/compile: unsafe.SliceData incoherent result with nil argument The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - go1.20-1.20.3-150000.1.8.1 updated - container:sles15-image-15.0.0-27.14.49 updated From sle-updates at lists.suse.com Fri Apr 7 07:12:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:12:05 +0200 (CEST) Subject: SUSE-CU-2023:1010-1: Recommended update of bci/bci-init Message-ID: <20230407071205.A32A4F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1010-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.25 , bci/bci-init:latest Container Release : 26.25 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - systemd-249.16-150400.8.25.7 updated From sle-updates at lists.suse.com Fri Apr 7 07:12:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:12:37 +0200 (CEST) Subject: SUSE-CU-2023:1011-1: Recommended update of bci/nodejs Message-ID: <20230407071237.8A11DF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1011-1 Container Tags : bci/node:16 , bci/node:16-15.23 , bci/nodejs:16 , bci/nodejs:16-15.23 Container Release : 15.23 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:12:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:12:44 +0200 (CEST) Subject: SUSE-CU-2023:1012-1: Recommended update of bci/nodejs Message-ID: <20230407071244.677EFF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1012-1 Container Tags : bci/node:18 , bci/node:18-3.22 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.22 , bci/nodejs:latest Container Release : 3.22 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:13:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:13:32 +0200 (CEST) Subject: SUSE-CU-2023:1013-1: Recommended update of bci/openjdk-devel Message-ID: <20230407071332.3042AF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1013-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.43 Container Release : 39.43 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:bci-openjdk-11-15.4.11-35.22 updated From sle-updates at lists.suse.com Fri Apr 7 07:14:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:14:12 +0200 (CEST) Subject: SUSE-CU-2023:1014-1: Recommended update of bci/openjdk Message-ID: <20230407071412.03AACF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1014-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.22 Container Release : 35.22 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:14:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:14:32 +0200 (CEST) Subject: SUSE-CU-2023:1015-1: Recommended update of bci/openjdk-devel Message-ID: <20230407071432.E9395F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1015-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.45 , bci/openjdk-devel:latest Container Release : 14.45 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:bci-openjdk-17-15.4.17-13.23 updated From sle-updates at lists.suse.com Fri Apr 7 07:14:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:14:48 +0200 (CEST) Subject: SUSE-CU-2023:1016-1: Recommended update of bci/openjdk Message-ID: <20230407071448.3527FF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1016-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.23 , bci/openjdk:latest Container Release : 13.23 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 07:14:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 7 Apr 2023 09:14:50 +0200 (CEST) Subject: SUSE-CU-2023:1017-1: Recommended update of bci/php-apache Message-ID: <20230407071450.AC7D4F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1017-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.21 Container Release : 2.21 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Fri Apr 7 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:1796-1: moderate: Security update for conmon Message-ID: <168087060268.5579.17397524645135554051@smelt2.suse.de> # Security update for conmon Announcement ID: SUSE-SU-2023:1796-1 Rating: moderate References: * #1209307 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for conmon fixes the following issues: * rebuild against supported go 1.19 (bsc#1209307) * no functional changes. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1796=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1796=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1796=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1796=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1796=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * conmon-2.1.5-150400.3.6.1 * conmon-debuginfo-2.1.5-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * conmon-2.1.5-150400.3.6.1 * conmon-debuginfo-2.1.5-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * conmon-2.1.5-150400.3.6.1 * conmon-debuginfo-2.1.5-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * conmon-2.1.5-150400.3.6.1 * conmon-debuginfo-2.1.5-150400.3.6.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * conmon-2.1.5-150400.3.6.1 * conmon-debuginfo-2.1.5-150400.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209307 
From sle-updates at lists.suse.com Fri Apr 7 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Apr 2023 12:30:05 -0000 Subject: SUSE-SU-2023:1795-1: moderate: Security update for openvswitch Message-ID: <168087060545.5579.8221914041907662539@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:1795-1 Rating: moderate References: * #1188524 * #1203865 Cross-References: * CVE-2021-36980 * CVE-2022-32166 CVSS scores: * CVE-2021-36980 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-36980 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-32166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2022-32166 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). * CVE-2022-32166: Fixed an out of bounds read in minimask_equal() (bsc#1203865). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1795=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1795=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * libdpdk-18_11-18.11.9-150100.4.23.1 * libdpdk-18_11-debuginfo-18.11.9-150100.4.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openvswitch-ovn-host-debuginfo-2.11.5-150100.3.18.2 * openvswitch-ovn-vtep-2.11.5-150100.3.18.2 * openvswitch-ovn-vtep-debuginfo-2.11.5-150100.3.18.2 * openvswitch-ovn-docker-2.11.5-150100.3.18.2 * openvswitch-ovn-central-2.11.5-150100.3.18.2 * libopenvswitch-2_11-0-debuginfo-2.11.5-150100.3.18.2 * python3-ovs-debuginfo-2.11.5-150100.3.18.2 * openvswitch-ovn-common-debuginfo-2.11.5-150100.3.18.2 * openvswitch-ovn-common-2.11.5-150100.3.18.2 * openvswitch-ovn-central-debuginfo-2.11.5-150100.3.18.2 * openvswitch-ovn-host-2.11.5-150100.3.18.2 * libopenvswitch-2_11-0-2.11.5-150100.3.18.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le x86_64) * libdpdk-18_11-18.11.9-150100.4.23.1 * libdpdk-18_11-debuginfo-18.11.9-150100.4.23.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenvswitch-2_11-0-debuginfo-2.11.5-150100.3.18.2 * openvswitch-debuginfo-2.11.5-150100.3.18.2 * openvswitch-debugsource-2.11.5-150100.3.18.2 * libopenvswitch-2_11-0-2.11.5-150100.3.18.2 ## References: * https://www.suse.com/security/cve/CVE-2021-36980.html * https://www.suse.com/security/cve/CVE-2022-32166.html * https://bugzilla.suse.com/show_bug.cgi?id=1188524 * https://bugzilla.suse.com/show_bug.cgi?id=1203865 
From sle-updates at lists.suse.com Fri Apr 7 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Apr 2023 12:30:08 -0000 Subject: SUSE-SU-2023:1794-1: moderate: Security update for openssl-1_1 Message-ID: <168087060822.5579.13463583058173361157@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:1794-1 Rating: moderate References: * #1209873 * #1209878 Cross-References: * CVE-2023-0465 * CVE-2023-0466 CVSS scores: * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). * CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1794=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1794=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1794=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1794=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1794=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1794=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1794=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1794=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1794=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 
* libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * libopenssl-1_1-devel-1.1.1d-2.81.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 
SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl1_1-1.1.1d-2.81.1 * libopenssl1_1-hmac-1.1.1d-2.81.1 * openssl-1_1-debugsource-1.1.1d-2.81.1 * openssl-1_1-debuginfo-1.1.1d-2.81.1 * openssl-1_1-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-1.1.1d-2.81.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1d-2.81.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.81.1 * libopenssl1_1-32bit-1.1.1d-2.81.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0465.html * https://www.suse.com/security/cve/CVE-2023-0466.html * https://bugzilla.suse.com/show_bug.cgi?id=1209873 * https://bugzilla.suse.com/show_bug.cgi?id=1209878 
From sle-updates at lists.suse.com Fri Apr 7 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Apr 2023 16:30:02 -0000 Subject: SUSE-SU-2023:1799-1: important: Security update for ghostscript Message-ID: <168088500247.23593.1532304861592369371@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:1799-1 Rating: important References: * #1210062 Cross-References: * CVE-2023-28879 CVSS scores: * CVE-2023-28879 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager 
Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ghostscript fixes the following issues: * CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1799=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1799=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1799=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1799=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1799=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1799=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1799=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1799=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1799=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1799=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1799=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1799=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1799=1 * SUSE Manager Proxy 4.2 zypper in -t 
patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1799=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1799=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1799=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1799=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1799=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * 
ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * 
ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Manager Proxy 4.2 (x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * ghostscript-x11-9.52-150000.164.1 * 
ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 * SUSE CaaS Platform 4.0 (x86_64) * ghostscript-x11-9.52-150000.164.1 * ghostscript-debugsource-9.52-150000.164.1 * ghostscript-9.52-150000.164.1 * ghostscript-debuginfo-9.52-150000.164.1 * ghostscript-x11-debuginfo-9.52-150000.164.1 * ghostscript-devel-9.52-150000.164.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28879.html * https://bugzilla.suse.com/show_bug.cgi?id=1210062 From sle-updates at lists.suse.com Fri Apr 7 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 07 Apr 2023 16:30:04 -0000 Subject: SUSE-SU-2023:1797-1: important: Security update for ghostscript Message-ID: <168088500441.23593.2925867589571045148@smelt2.suse.de> # Security update for ghostscript Announcement ID: SUSE-SU-2023:1797-1 Rating: important References: * #1210062 Cross-References: * CVE-2023-28879 CVSS scores: * CVE-2023-28879 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. 
## Description: This update for ghostscript fixes the following issues: * CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process (bsc#1210062). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1797=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1797=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1797=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1797=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1797=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1797=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1797=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1797=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1797=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1797=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * 
ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ghostscript-debugsource-9.52-23.51.1 * ghostscript-9.52-23.51.1 * ghostscript-devel-9.52-23.51.1 * 
ghostscript-debuginfo-9.52-23.51.1 * ghostscript-x11-debuginfo-9.52-23.51.1 * ghostscript-x11-9.52-23.51.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28879.html * https://bugzilla.suse.com/show_bug.cgi?id=1210062 From sle-updates at lists.suse.com Sat Apr 8 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:1018-1: Recommended update of bci/nodejs Message-ID: <20230408070333.66BB8F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1018-1 Container Tags : bci/node:14 , bci/node:14-37.24 , bci/nodejs:14 , bci/nodejs:14-37.24 Container Release : 37.24 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:03:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:03:35 +0200 (CEST) Subject: SUSE-CU-2023:1017-1: Recommended update of bci/php-apache Message-ID: <20230408070335.BB1A6F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1017-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.21 Container Release : 2.21 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:03:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:03:38 +0200 (CEST) Subject: SUSE-CU-2023:1019-1: Recommended update of bci/php-fpm Message-ID: <20230408070338.1103DF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1019-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.20 Container Release : 2.20 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:03:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:03:40 +0200 (CEST) Subject: SUSE-CU-2023:1020-1: Recommended update of bci/php Message-ID: <20230408070340.E397DF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1020-1 Container Tags : bci/php:8 , bci/php:8-2.20 Container Release : 2.20 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:04:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:04:14 +0200 (CEST) Subject: SUSE-CU-2023:1021-1: Recommended update of bci/python Message-ID: <20230408070414.9ADAAF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1021-1 Container Tags : bci/python:3 , bci/python:3-12.20 , bci/python:3.10 , bci/python:3.10-12.20 , bci/python:latest Container Release : 12.20 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:04:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:04:52 +0200 (CEST) Subject: SUSE-CU-2023:1022-1: Recommended update of bci/python Message-ID: <20230408070452.8F414F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1022-1 Container Tags : bci/python:3 , bci/python:3-35.21 , bci/python:3.6 , bci/python:3.6-35.21 Container Release : 35.21 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:05:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:05:28 +0200 (CEST) Subject: SUSE-CU-2023:1023-1: Recommended update of bci/ruby Message-ID: <20230408070528.62BB4F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1023-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.20 , bci/ruby:2.5 , bci/ruby:2.5-34.20 , bci/ruby:latest Container Release : 34.20 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:05:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:05:39 +0200 (CEST) Subject: SUSE-CU-2023:1024-1: Recommended update of bci/rust Message-ID: <20230408070539.4AC6BF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1024-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-4.20 Container Release : 4.20 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:05:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:05:45 +0200 (CEST) Subject: SUSE-CU-2023:1025-1: Recommended update of bci/rust Message-ID: <20230408070545.6D927F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1025-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-3.19 , bci/rust:latest Container Release : 3.19 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-27.14.48 updated From sle-updates at lists.suse.com Sat Apr 8 07:06:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:06:14 +0200 (CEST) Subject: SUSE-CU-2023:1026-1: Recommended update of suse/sle15 Message-ID: <20230408070614.A12CDF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1026-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.49 , suse/sle15:15.4 , suse/sle15:15.4.27.14.49 Container Release : 27.14.49 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libsystemd0-249.16-150400.8.25.7 updated - libudev1-249.16-150400.8.25.7 updated From sle-updates at lists.suse.com Sat Apr 8 07:06:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 8 Apr 2023 09:06:39 +0200 (CEST) Subject: SUSE-CU-2023:1029-1: Recommended update of bci/bci-init Message-ID: <20230408070639.38170F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1029-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.59 Container Release : 4.59 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.37.6 updated - systemd-249.16-150400.8.25.7 updated - container:sles15-image-15.0.0-35.2.22 updated From sle-updates at lists.suse.com Mon Apr 10 12:30:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Apr 2023 12:30:54 -0000 Subject: SUSE-SU-2023:1803-1: important: Security update for the Linux Kernel Message-ID: <168112985482.11649.4539088934111822489@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1803-1 Rating: important References: * #1065729 * #1076830 * #1109158 * #1181001 * #1191924 * #1193231 * #1199837 * #1203092 * #1203693 * #1206010 * #1207001 * #1207036 * #1207125 * #1207795 * #1207890 * #1208048 * #1208179 * #1208599 * #1208777 * #1208850 * #1209008 * #1209052 * #1209118 * #1209126 * #1209256 * #1209289 * #1209291 * #1209292 * #1209532 * #1209547 * #1209549 * #1209556 * #1209572 * #1209634 * #1209684 * #1209778 * #1209798 Cross-References: * CVE-2017-5753 * CVE-2021-3923 * CVE-2022-20567 * CVE-2023-0590 * CVE-2023-1076 * CVE-2023-1095 * 
CVE-2023-1281 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28772 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2022-20567 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Availability Extension 12 SP5
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 14 vulnerabilities, contains one feature and has 23 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
* CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
* CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
* CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
* CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).

The following non-security bugs were fixed:

* Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
* Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* Do not sign the vanilla kernel (bsc#1209008).
* Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
* KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
* NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). [iivanov] Fix Patch-mainline to v6.3-rc5
* PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
* PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
* PCI/MSI: Mask all unused MSI-X entries (git-fixes).
* PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
* PCI/PM: Always return devices to D0 when thawing (git-fixes).
* PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes).
* PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
* PCI: Add ACS quirk for iProc PAXB (git-fixes).
* PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
* PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
* PCI: Make ACS quirk implementations more uniform (git-fixes).
* PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
* PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes).
* PCI: Unify ACS quirk desired vs provided checking (git-fixes).
* PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
* PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes).
* PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
* PCI: aardvark: Do not touch PCIe registers if no card connected (git-fixes).
* PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (git-fixes).
* PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
* PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
* PCI: aardvark: Improve link training (git-fixes).
* PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes).
* PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes).
* PCI: aardvark: Remove PCIe outbound window configuration (git-fixes).
* PCI: aardvark: Train link immediately after enabling training (git-fixes).
* PCI: aardvark: Wait for endpoint to be ready before training link (git-fixes).
* PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
* PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207001).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207001).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207001).
* PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
* PCI: tegra: Fix OF node reference leak (git-fixes).
* PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
* PM: hibernate: flush swap writer after marking (git-fixes).
* README.BRANCH: Adding myself to the maintainer list
* README: remove copy of config and update the text (bsc#1191924)
* Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207001).
* Revert "arm64: dts: juno: add dma-ranges property" (git-fixes)
* Revert "mei: me: enable asynchronous probing" (bsc#1208048, bsc#1209126).
* SUNRPC: Fix a server shutdown leak (git-fixes).
* applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
* arm64/alternatives: do not patch up internal branches (git-fixes)
* arm64/alternatives: move length validation inside the subsection (git-fixes)
* arm64/alternatives: use subsections for replacement sequences (git-fixes)
* arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
* arm64/mm: fix variable 'pud' set but not used (git-fixes)
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
* arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
* arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
* arm64: Do not forget syscall when starting a new thread. (git-fixes)
* arm64: Fix compiler warning from pte_unmap() with (git-fixes)
* arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
* arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
* arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
* arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
* arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
* arm64: kprobe: make page to RO mode when allocate it (git-fixes)
* arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
* arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
* arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
* arm64: unwind: Prohibit probing on return_address() (git-fixes)
* crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
* dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
* ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
* git_sort: tests: Adjust to new net repository location
* git_sort: tests: Fix tests failing on SLE15 Use the correct base image, pygit2 is not found by python otherwise.
* git_sort: tests: Kernel:tools does not have Leap repos, use SLE
* git_sort: tests: Use 15.4, 15.3 is EOL
* git_sort: tests: do not disable package repository GPG check This adds the Kernel repository key and enables GPG check for package installation inside containers.
* git_sort: tests: exit on error
* ima: Fix function name error in comment (git-fixes).
* ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
* kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
* kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
* kfifo: fix ternary sign extension bugs (git-fixes).
* kgdb: Drop malformed kernel doc comment (git-fixes).
* media: coda: Add check for dcoda_iram_alloc (git-fixes).
* media: coda: Add check for kmalloc (git-fixes).
* media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
* net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
* net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
* net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
* net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
* net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
* powerpc/btext: add missing of_node_put (bsc#1065729).
* powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
* powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
* powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
* powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729).
* ppc64le: HWPOISON_INJECT=m (bsc#1209572).
* ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
* s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
* sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
* scripts/osc_wrapper: Assign spec with *.spec file when building.
* scripts/sequence-patch.sh: remove obsolete egrep Avoids a warning and prepares for ultimate removal - boo#1203092
* scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1199837).
* scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
* timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze() (git-fixes).
* timers: Clear timer_base::must_forward_clk with (bsc#1207890)
* tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
* tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
* usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
* usb: dwc3: exynos: Fix remove() function (git-fixes).
* usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
* usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
* usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
* x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
* x86/apic: Add name to irq chip (bsc#1206010).
* x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
* x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
* x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c (git-fixes).
* x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
* x86/ioapic: Force affinity setup before startup (bsc#1193231).
* x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes).
* x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() (git-fixes).
* x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
* x86/power: Fix 'nosmt' vs hibernation triple fault during resume (git-fixes).
* x86/stacktrace: Prevent infinite loop in arch_stack_walk_user() (git-fixes).
* x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
* x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001 jsc#ECO-3191).
* x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
* x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
* xen-netfront: Fix NULL sring after live migration (git-fixes).
* xen-netfront: Fix mismatched rtnl_unlock (git-fixes).
* xen-netfront: Fix race between device setup and open (git-fixes).
* xen-netfront: Update features after registering netdev (git-fixes).
* xen-netfront: enable device after manual module load (git-fixes).
* xen-netfront: fix potential deadlock in xennet_remove() (git-fixes).
* xen-netfront: wait xenbus state change when load module manually (git-fixes).
* xen/netfront: fix waiting for xenbus state change (git-fixes).
* xen/netfront: stop tx queues during live migration (git-fixes).
* xen/platform-pci: add missing free_irq() in error path (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2023-1803=1 SUSE-SLE-SERVER-12-SP5-2023-1803=1
* SUSE Linux Enterprise High Availability Extension 12 SP5
  zypper in -t patch SUSE-SLE-HA-12-SP5-2023-1803=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1803=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1803=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1803=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1803=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1803=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * kernel-default-devel-4.12.14-122.156.1
  * kernel-syms-4.12.14-122.156.1
  * kernel-default-debuginfo-4.12.14-122.156.1
  * ocfs2-kmp-default-4.12.14-122.156.1
  * kernel-default-debugsource-4.12.14-122.156.1
  * cluster-md-kmp-default-debuginfo-4.12.14-122.156.1
  * dlm-kmp-default-debuginfo-4.12.14-122.156.1
  * ocfs2-kmp-default-debuginfo-4.12.14-122.156.1
  * kernel-default-base-debuginfo-4.12.14-122.156.1
  * gfs2-kmp-default-4.12.14-122.156.1
  * cluster-md-kmp-default-4.12.14-122.156.1
  * dlm-kmp-default-4.12.14-122.156.1
  * gfs2-kmp-default-debuginfo-4.12.14-122.156.1
  * kernel-default-base-4.12.14-122.156.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64)
  * kernel-default-4.12.14-122.156.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * kernel-devel-4.12.14-122.156.1
  * kernel-macros-4.12.14-122.156.1
  * kernel-source-4.12.14-122.156.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * kernel-default-devel-debuginfo-4.12.14-122.156.1
* SUSE Linux Enterprise High Availability Extension 12 SP5
(ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-122.156.1 * ocfs2-kmp-default-4.12.14-122.156.1 * kernel-default-debugsource-4.12.14-122.156.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.156.1 * dlm-kmp-default-debuginfo-4.12.14-122.156.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.156.1 * gfs2-kmp-default-4.12.14-122.156.1 * cluster-md-kmp-default-4.12.14-122.156.1 * dlm-kmp-default-4.12.14-122.156.1 * gfs2-kmp-default-debuginfo-4.12.14-122.156.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.156.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.156.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-kgraft-4.12.14-122.156.1 * kernel-default-debuginfo-4.12.14-122.156.1 * kernel-default-debugsource-4.12.14-122.156.1 * kernel-default-kgraft-devel-4.12.14-122.156.1 * kgraft-patch-4_12_14-122_156-default-1-8.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.156.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-4.12.14-122.156.1 * kernel-obs-build-debugsource-4.12.14-122.156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-devel-4.12.14-122.156.1 * kernel-syms-4.12.14-122.156.1 * kernel-default-debuginfo-4.12.14-122.156.1 * kernel-default-debugsource-4.12.14-122.156.1 * kernel-default-base-debuginfo-4.12.14-122.156.1 * kernel-default-base-4.12.14-122.156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.156.1 * kernel-macros-4.12.14-122.156.1 * kernel-source-4.12.14-122.156.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.156.1 * SUSE Linux Enterprise Server 12 SP5 
(aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.156.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-4.12.14-122.156.1 * kernel-syms-4.12.14-122.156.1 * kernel-default-debuginfo-4.12.14-122.156.1 * kernel-default-debugsource-4.12.14-122.156.1 * kernel-default-base-debuginfo-4.12.14-122.156.1 * kernel-default-base-4.12.14-122.156.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.156.1 * kernel-macros-4.12.14-122.156.1 * kernel-source-4.12.14-122.156.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.156.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.156.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.156.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debugsource-4.12.14-122.156.1 * kernel-default-extra-debuginfo-4.12.14-122.156.1 * kernel-default-debuginfo-4.12.14-122.156.1 * kernel-default-extra-4.12.14-122.156.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2021-3923.html * https://www.suse.com/security/cve/CVE-2022-20567.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1076830 * 
https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1181001 * https://bugzilla.suse.com/show_bug.cgi?id=1191924 * https://bugzilla.suse.com/show_bug.cgi?id=1193231 * https://bugzilla.suse.com/show_bug.cgi?id=1199837 * https://bugzilla.suse.com/show_bug.cgi?id=1203092 * https://bugzilla.suse.com/show_bug.cgi?id=1203693 * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1207001 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207890 * https://bugzilla.suse.com/show_bug.cgi?id=1208048 * https://bugzilla.suse.com/show_bug.cgi?id=1208179 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208850 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209118 * https://bugzilla.suse.com/show_bug.cgi?id=1209126 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209572 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209778 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://jira.suse.com/browse/ECO-3191
From sle-updates at lists.suse.com Mon Apr 10 12:31:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Apr 2023 12:31:20 -0000 Subject: SUSE-SU-2023:1800-1: important: Security update for the Linux Kernel Message-ID: <168112988005.11649.3669086637493685148@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1800-1 Rating: important References: * #1207168 * #1207185 * #1207560 * #1208179 * #1208598 * #1208599 * #1208601 * #1208777 * #1208787 * #1208843 * #1209008 * #1209052 * #1209256 * #1209288 * #1209289 * #1209290 * #1209291 * #1209366 * #1209532 * #1209547 * #1209549 * #1209634 * #1209635 * #1209636 * #1209672 * #1209683 * #1209778 Cross-References: * CVE-2017-5753 * CVE-2021-3923 * CVE-2022-4744 * CVE-2023-0461 * CVE-2023-1075 * CVE-2023-1076 * CVE-2023-1078 * CVE-2023-1095 * CVE-2023-1281 * CVE-2023-1382 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-1582 * CVE-2023-23004 * CVE-2023-25012 * CVE-2023-28327 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28466 * CVE-2023-28772 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1075 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux 
Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Manager Proxy 4.1
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Server 4.1

An update that solves 20 vulnerabilities and has seven fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
* CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
* CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
* CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
* CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
* CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
* CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
* CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
* CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
* CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
* CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
* CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).

The following non-security bugs were fixed:

* Do not sign the vanilla kernel (bsc#1209008).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
* Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1209785).
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
* kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-1800=1
* SUSE Linux Enterprise High Availability Extension 15 SP2
  zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-1800=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1800=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1800=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1800=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1800=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP2 (nosrc)
  * kernel-default-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * kernel-livepatch-SLE15-SP2_Update_35-debugsource-1-150200.5.3.1
  * kernel-livepatch-5_3_18-150200_24_148-default-1-150200.5.3.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * kernel-default-livepatch-devel-5.3.18-150200.24.148.1
  * kernel-default-livepatch-5.3.18-150200.24.148.1
  * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-1-150200.5.3.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * dlm-kmp-default-5.3.18-150200.24.148.1
  * gfs2-kmp-default-5.3.18-150200.24.148.1
  * cluster-md-kmp-default-5.3.18-150200.24.148.1
  * gfs2-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * dlm-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * ocfs2-kmp-default-5.3.18-150200.24.148.1
* SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc)
  * kernel-default-5.3.18-150200.24.148.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150200.24.148.1
  * kernel-preempt-5.3.18-150200.24.148.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debugsource-5.3.18-150200.24.148.1
  * kernel-preempt-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * kernel-obs-build-debugsource-5.3.18-150200.24.148.1
  * kernel-default-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-obs-build-5.3.18-150200.24.148.1
  * kernel-syms-5.3.18-150200.24.148.1
  * kernel-preempt-devel-5.3.18-150200.24.148.1
  * kernel-default-devel-5.3.18-150200.24.148.1
  * kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * kernel-macros-5.3.18-150200.24.148.1
  * kernel-source-5.3.18-150200.24.148.1
  * kernel-devel-5.3.18-150200.24.148.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc)
  * kernel-docs-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-5.3.18-150200.24.148.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * kernel-obs-build-debugsource-5.3.18-150200.24.148.1
  * kernel-default-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-obs-build-5.3.18-150200.24.148.1
  * kernel-syms-5.3.18-150200.24.148.1
  * kernel-default-devel-5.3.18-150200.24.148.1
  * kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * kernel-macros-5.3.18-150200.24.148.1
  * kernel-source-5.3.18-150200.24.148.1
  * kernel-devel-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc)
  * kernel-docs-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * kernel-preempt-devel-5.3.18-150200.24.148.1
  * kernel-preempt-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debugsource-5.3.18-150200.24.148.1
  * kernel-preempt-devel-debuginfo-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64)
  * kernel-default-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-5.3.18-150200.24.148.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * kernel-obs-build-debugsource-5.3.18-150200.24.148.1
  * kernel-default-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-obs-build-5.3.18-150200.24.148.1
  * kernel-syms-5.3.18-150200.24.148.1
  * kernel-default-devel-5.3.18-150200.24.148.1
  * kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * kernel-macros-5.3.18-150200.24.148.1
  * kernel-source-5.3.18-150200.24.148.1
  * kernel-devel-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc)
  * kernel-docs-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64)
  * kernel-preempt-5.3.18-150200.24.148.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
  * kernel-preempt-devel-5.3.18-150200.24.148.1
  * kernel-preempt-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debugsource-5.3.18-150200.24.148.1
  * kernel-preempt-devel-debuginfo-5.3.18-150200.24.148.1
* SUSE Enterprise Storage 7 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150200.24.148.1
  * kernel-preempt-5.3.18-150200.24.148.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * kernel-default-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debuginfo-5.3.18-150200.24.148.1
  * kernel-preempt-debugsource-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.148.1
  * reiserfs-kmp-default-5.3.18-150200.24.148.1
  * kernel-preempt-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-default-debugsource-5.3.18-150200.24.148.1
  * kernel-obs-build-debugsource-5.3.18-150200.24.148.1
  * kernel-default-devel-debuginfo-5.3.18-150200.24.148.1
  * kernel-obs-build-5.3.18-150200.24.148.1
  * kernel-syms-5.3.18-150200.24.148.1
  * kernel-preempt-devel-5.3.18-150200.24.148.1
  * kernel-default-devel-5.3.18-150200.24.148.1
  * kernel-default-base-5.3.18-150200.24.148.1.150200.9.71.1
* SUSE Enterprise Storage 7 (noarch)
  * kernel-macros-5.3.18-150200.24.148.1
  * kernel-source-5.3.18-150200.24.148.1
  * kernel-devel-5.3.18-150200.24.148.1
* SUSE Enterprise Storage 7 (noarch nosrc)
  * kernel-docs-5.3.18-150200.24.148.1

## References:

* https://www.suse.com/security/cve/CVE-2017-5753.html
* https://www.suse.com/security/cve/CVE-2021-3923.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2023-0461.html
* https://www.suse.com/security/cve/CVE-2023-1075.html
* https://www.suse.com/security/cve/CVE-2023-1076.html
* https://www.suse.com/security/cve/CVE-2023-1078.html
* https://www.suse.com/security/cve/CVE-2023-1095.html
* https://www.suse.com/security/cve/CVE-2023-1281.html
* https://www.suse.com/security/cve/CVE-2023-1382.html
* https://www.suse.com/security/cve/CVE-2023-1390.html
* https://www.suse.com/security/cve/CVE-2023-1513.html
* https://www.suse.com/security/cve/CVE-2023-1582.html
* https://www.suse.com/security/cve/CVE-2023-23004.html
* https://www.suse.com/security/cve/CVE-2023-25012.html
* https://www.suse.com/security/cve/CVE-2023-28327.html
* https://www.suse.com/security/cve/CVE-2023-28328.html
* https://www.suse.com/security/cve/CVE-2023-28464.html
* https://www.suse.com/security/cve/CVE-2023-28466.html
* https://www.suse.com/security/cve/CVE-2023-28772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207168
* https://bugzilla.suse.com/show_bug.cgi?id=1207185
* https://bugzilla.suse.com/show_bug.cgi?id=1207560
* https://bugzilla.suse.com/show_bug.cgi?id=1208179
* https://bugzilla.suse.com/show_bug.cgi?id=1208598
* https://bugzilla.suse.com/show_bug.cgi?id=1208599
* https://bugzilla.suse.com/show_bug.cgi?id=1208601
* https://bugzilla.suse.com/show_bug.cgi?id=1208777
* https://bugzilla.suse.com/show_bug.cgi?id=1208787
* https://bugzilla.suse.com/show_bug.cgi?id=1208843
* https://bugzilla.suse.com/show_bug.cgi?id=1209008
* https://bugzilla.suse.com/show_bug.cgi?id=1209052
* https://bugzilla.suse.com/show_bug.cgi?id=1209256
* https://bugzilla.suse.com/show_bug.cgi?id=1209288
* https://bugzilla.suse.com/show_bug.cgi?id=1209289
* https://bugzilla.suse.com/show_bug.cgi?id=1209290
* https://bugzilla.suse.com/show_bug.cgi?id=1209291
* https://bugzilla.suse.com/show_bug.cgi?id=1209366
* https://bugzilla.suse.com/show_bug.cgi?id=1209532
* https://bugzilla.suse.com/show_bug.cgi?id=1209547
* https://bugzilla.suse.com/show_bug.cgi?id=1209549
* https://bugzilla.suse.com/show_bug.cgi?id=1209634
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209636
* https://bugzilla.suse.com/show_bug.cgi?id=1209672
* https://bugzilla.suse.com/show_bug.cgi?id=1209683
* https://bugzilla.suse.com/show_bug.cgi?id=1209778
From sle-updates at lists.suse.com Mon Apr 10 12:31:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Apr 2023 12:31:54 -0000
Subject: SUSE-SU-2023:1802-1: important: Security update for the Linux Kernel
Message-ID: <168112991430.11649.14517543195515207527@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1802-1
Rating: important

References:

* #1065729
* #1109158
* #1189998
* #1193629
* #1194869
* #1198400
* #1203200
* #1206552
* #1207168
* #1207185
* #1207574
* #1208602
* #1208815
* #1208902
* #1209052
* #1209118
* #1209256
* #1209290
* #1209292
* #1209366
* #1209532
* #1209547
* #1209556
* #1209600
* #1209634
* #1209635
* #1209636
* #1209681
* #1209684
* #1209779
* #1209788
* #1209798
* #1209799
* #1209804
* #1209805
* #1210050

Cross-References:

* CVE-2017-5753
* CVE-2022-4744
* CVE-2023-0394
* CVE-2023-1281
* CVE-2023-1513
* CVE-2023-1582
* CVE-2023-1637
* CVE-2023-1652
* CVE-2023-28327
* CVE-2023-28464
* CVE-2023-28466

CVSS scores:

* CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 11 vulnerabilities and has 25 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
* CVE-2023-0394: Fixed NULL pointer dereference that could lead to a system crash in rawv6_push_pending_frames in net/ipv6/raw.c (bsc#1207168).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
* CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
* CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
* CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).

The following non-security bugs were fixed:

* ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
* ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
* ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
* ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
* ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
* ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
* ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
* ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
* ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
* ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
* ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
* ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
* Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
* Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
* Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
* Fix error path in pci-hyperv to unlock the mutex state_lock
* HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
* HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
* Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
* KVM: x86: fix sending PV IPI (git-fixes).
* Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
* NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
* PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
* PCI: hv: Use async probing to reduce boot time (bsc#1207185).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
* Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)
* Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207185).
* Revert "Revert "Makefile: link with -z noexecstack --no-warn-rwx-segments" (bsc#1209798)"
* Revert "Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
* Revert "x86: link vdso and boot with -z noexecstack" (bsc#1209798)
* USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
* USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
* USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
* USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
* USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
* USB: dwc3: Fix a typo in field name (git-fixes).
* USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
* USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
* USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
* USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
* USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
* arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
* arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
* arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
* arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
* arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
* arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
* arm64: dts: imx8mp: correct usb clocks (git-fixes)
* arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
* arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
* arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
* atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
* ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
* ca8210: fix mac_len negative array access (git-fixes).
* can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
* cifs: Fix smb2_set_path_size() (git-fixes).
* cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
* cifs: append path to open_enter trace event (bsc#1193629).
* cifs: avoid race conditions with parallel reconnects (bsc#1193629).
* cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
* cifs: check only tcon status on tcon related functions (bsc#1193629).
* cifs: do not poll server interfaces too regularly (bsc#1193629).
* cifs: dump pending mids for all channels in DebugData (bsc#1193629).
* cifs: empty interface list when server does not support query interfaces (bsc#1193629).
* cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
* cifs: fix dentry lookups in directory handle cache (bsc#1193629).
* cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
* cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
* cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
* cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
* cifs: lock chan_lock outside match_session (bsc#1193629).
* cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
* cifs: print session id while listing open files (bsc#1193629).
* cifs: return DFS root session id in DebugData (bsc#1193629).
* cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
* cifs: use DFS root session instead of tcon ses (bsc#1193629).
* drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
* drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
* drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
* drm/amdkfd: Fix an illegal memory access (git-fixes).
* drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
* drm/i915/active: Fix missing debug object activation (git-fixes).
* drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
* drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
* drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
* drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
* drm/i915/display: clean up comments (git-fixes).
* drm/i915/gt: perform uc late init after probe error injection (git-fixes).
* drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
* drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
* drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
* drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
* drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
* drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
* efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
* fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
* firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
* hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
* i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
* i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
* i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
* kABI: x86/msr: Remove .fixup usage (kabi).
* kconfig: Update config changed flag before calling callback (git-fixes).
* lan78xx: Add missing return code checks (git-fixes).
* lan78xx: Fix exception on link speed change (git-fixes).
* lan78xx: Fix memory allocation bug (git-fixes).
* lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
* lan78xx: Fix race condition in disconnect handling (git-fixes).
* lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
* lan78xx: Fix white space and style issues (git-fixes).
* lan78xx: Remove unused pause frame queue (git-fixes).
* lan78xx: Remove unused timer (git-fixes).
* lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
* lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
* locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
* mm: memcg: fix swapcached stat accounting (bsc#1209804).
* mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
* mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
* net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes).
* net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
* net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
* net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
* net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
* net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
* net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
* net: usb: asix: remove redundant assignment to variable reg (git-fixes).
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
* net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
* net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
* net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
* net: usb: use eth_hw_addr_set() (git-fixes).
* nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
* nvme-tcp: always fail a request when sending it failed (bsc#1208902).
* pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
* pinctrl: at91-pio4: fix domain name assignment (git-fixes).
* pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
* platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
* platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
* platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
* platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
* platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
* platform/x86: think-lmi: Opcode support (bsc#1210050).
* platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
* platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
* platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
* platform/x86: think-lmi: add debug_cmd (bsc#1210050).
* platform/x86: think-lmi: add missing type attribute (git-fixes).
* platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
* platform/x86: think-lmi: only display possible_values if available (git-fixes).
* platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
* platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
* platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
* platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
* platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
* platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
* platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
* platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
* platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
* platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
* platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
* platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
* platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
* platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
* platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
* platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
* platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
* platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
* platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
* platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
* platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
* platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
* platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
* platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
* platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050).
* platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
* platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
* platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
* platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
* platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
* platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
* platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
* platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
* platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
* power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
* powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
* powerpc/btext: add missing of_node_put (bsc#1065729).
* powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
* powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
* powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
* powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
* powerpc/kexec_file: fix implicit decl error (bsc#1194869).
* powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
* powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
* powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
* powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
* powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
* powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
* powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
* powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
* powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
* powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
* r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
* regulator: Handle deferred clk (git-fixes).
* remove "PCI: hv: Use async probing to reduce boot time" (bsc#1207185).
* rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far.
* rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
* s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
* s390/dasd: fix no record found for raw_track_access (bsc#1207574).
* s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
* sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
* sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
* scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
* sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
* serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
* serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
* serial: fsl_lpuart: Fix comment typo (git-fixes).
* smb3: fix unusable share after force unmount failure (bsc#1193629).
* smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
* thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
* thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
* thunderbolt: Disable interrupt auto clear for rings (git-fixes).
* thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
* thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
* thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
* tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
* uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
* vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
* wifi: mac80211: fix qos on mesh interfaces (git-fixes).
* x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
* x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
* x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
* x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
* x86/fpu: Cache xfeature flags from CPUID (git-fixes).
* x86/fpu: Remove unused supervisor only offsets (git-fixes).
* x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
* x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
* x86/mce: Allow instrumentation during task work queueing (git-fixes).
* x86/mce: Mark mce_end() noinstr (git-fixes).
* x86/mce: Mark mce_panic() noinstr (git-fixes).
* x86/mce: Mark mce_read_aux() noinstr (git-fixes).
* x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
* x86/msr: Remove .fixup usage (git-fixes).
* x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
* x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
* x86/uaccess: Move variable into switch case statement (git-fixes).
* x86: Annotate call_on_stack() (git-fixes).
* x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
* xfs: convert ptag flags to unsigned (git-fixes).
* xfs: do not assert fail on perag references on teardown (git-fixes).
* xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
* xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
* xfs: remove xfs_setattr_time() declaration (git-fixes). * xfs: zero inode fork buffer at allocation (git-fixes). * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1802=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1802=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * ocfs2-kmp-azure-5.14.21-150400.14.43.1 * kselftests-kmp-azure-5.14.21-150400.14.43.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.43.1 * dlm-kmp-azure-5.14.21-150400.14.43.1 * kernel-azure-debugsource-5.14.21-150400.14.43.1 * kernel-azure-devel-5.14.21-150400.14.43.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.43.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * reiserfs-kmp-azure-5.14.21-150400.14.43.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.43.1 * kernel-azure-extra-5.14.21-150400.14.43.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * kernel-azure-debuginfo-5.14.21-150400.14.43.1 * kernel-syms-azure-5.14.21-150400.14.43.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * gfs2-kmp-azure-5.14.21-150400.14.43.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.43.1 * kernel-azure-optional-5.14.21-150400.14.43.1 * cluster-md-kmp-azure-5.14.21-150400.14.43.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.43.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.43.1 * kernel-source-azure-5.14.21-150400.14.43.1 * Public Cloud Module 
15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.43.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-debuginfo-5.14.21-150400.14.43.1 * kernel-syms-azure-5.14.21-150400.14.43.1 * kernel-azure-debugsource-5.14.21-150400.14.43.1 * kernel-azure-devel-5.14.21-150400.14.43.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.43.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.43.1 * kernel-source-azure-5.14.21-150400.14.43.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-0394.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1582.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://www.suse.com/security/cve/CVE-2023-28327.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1198400 * https://bugzilla.suse.com/show_bug.cgi?id=1203200 * https://bugzilla.suse.com/show_bug.cgi?id=1206552 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207185 * https://bugzilla.suse.com/show_bug.cgi?id=1207574 * https://bugzilla.suse.com/show_bug.cgi?id=1208602 * https://bugzilla.suse.com/show_bug.cgi?id=1208815 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209118 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209290 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209600 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209635 * https://bugzilla.suse.com/show_bug.cgi?id=1209636 * https://bugzilla.suse.com/show_bug.cgi?id=1209681 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1209788 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1209804 * https://bugzilla.suse.com/show_bug.cgi?id=1209805 * https://bugzilla.suse.com/show_bug.cgi?id=1210050 
From sle-updates at lists.suse.com Mon Apr 10 12:32:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Apr 2023 12:32:37 -0000 Subject: SUSE-SU-2023:1801-1: important: Security update for the Linux Kernel Message-ID: <168112995710.11649.7677267362576810016@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1801-1 Rating: important References: * #1065729 * #1076830 * #1109158 * #1181001 * #1193231 * #1199837 * #1203693 * #1206010 * #1207001 * #1207036 * #1207125 * #1207795 * #1207890 * #1208048 * #1208599 * #1208777 * #1208850 * #1209052 * #1209118 * #1209126 * #1209256 * #1209289 * #1209291 * #1209292 * #1209532 * #1209547 * #1209549 * #1209556 * #1209572 * #1209634 * #1209684 * #1209778 * #1209798 Cross-References: * CVE-2017-5753 * CVE-2021-3923 * CVE-2022-20567 * CVE-2023-0590 * CVE-2023-1076 * CVE-2023-1095 * CVE-2023-1281 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28772 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2022-20567 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 14 vulnerabilities, contains one feature and has 19 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). * CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). * CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850). 
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). * CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). * CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: * ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes) * Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). * Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes). * KVM: arm64: Hide system instruction access to Trace registers (git-fixes) * NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes). * PCI/MSI: Enforce MSI entry updates to be visible (git-fixes). * PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). * PCI/MSI: Mask all unused MSI-X entries (git-fixes). 
* PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). * PCI/PM: Always return devices to D0 when thawing (git-fixes). * PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes). * PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes). * PCI: Add ACS quirk for iProc PAXB (git-fixes). * PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes). * PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes). * PCI: Make ACS quirk implementations more uniform (git-fixes). * PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). * PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes). * PCI: Unify ACS quirk desired vs provided checking (git-fixes). * PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). * PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes). * PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes). * PCI: aardvark: Do not touch PCIe registers if no card connected (git-fixes). * PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (git-fixes). * PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes). * PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes). * PCI: aardvark: Improve link training (git-fixes). * PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes). * PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes). * PCI: aardvark: Remove PCIe outbound window configuration (git-fixes). * PCI: aardvark: Train link immediately after enabling training (git-fixes). * PCI: aardvark: Wait for endpoint to be ready before training link (git-fixes). * PCI: endpoint: Cast the page number to phys_addr_t (git-fixes). * PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes). * PCI: hv: Add a per-bus mutex state_lock (bsc#1207001). 
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207001). * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207001). * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207001). * PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes). * PCI: tegra: Fix OF node reference leak (git-fixes). * PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes). * PM: hibernate: flush swap writer after marking (git-fixes). * README.BRANCH: Adding myself to the maintainer list * Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1207001). * Revert "arm64: dts: juno: add dma-ranges property" (git-fixes) * Revert "mei: me: enable asynchronous probing" (bsc#1208048, bsc#1209126). * SUNRPC: Fix a server shutdown leak (git-fixes). * applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). * arm64/alternatives: do not patch up internal branches (git-fixes) * arm64/alternatives: move length validation inside the subsection (git-fixes) * arm64/alternatives: use subsections for replacement sequences (git-fixes) * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) * arm64/mm: fix variable 'pud' set but not used (git-fixes) * arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes) * arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes) * arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798). * arm64: Do not forget syscall when starting a new thread. 
(git-fixes) * arm64: Fix compiler warning from pte_unmap() with (git-fixes) * arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes) * arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes) * arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) * arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes) * arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes) * arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git-fixes) * arm64: kprobe: make page to RO mode when allocate it (git-fixes) * arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes) * arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes) * arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes) * arm64: unwind: Prohibit probing on return_address() (git-fixes) * crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) * dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes). * ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes). * ima: Fix function name error in comment (git-fixes). * ipv4: route: fix inet_rtm_getroute induced crash (git-fixes). * kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes). * kfifo: fix ternary sign extension bugs (git-fixes). * kgdb: Drop malformed kernel doc comment (git-fixes). * net: usb: lan78xx: Limit packet length to skb->len (git-fixes). * net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes). * net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). * powerpc/btext: add missing of_node_put (bsc#1065729). * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). 
* powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). * powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). * powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729). * ppc64le: HWPOISON_INJECT=m (bsc#1209572). * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). * sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). * scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1199837). * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). * timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze() (git-fixes). * timers: Clear timer_base::must_forward_clk with (bsc#1207890) * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes). * tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes). * usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). * usb: dwc3: exynos: Fix remove() function (git-fixes). * usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). * usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes). * usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). * x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes). * x86/apic: Add name to irq chip (bsc#1206010). * x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191). * x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes). * x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c (git-fixes). * x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes). * x86/ioapic: Force affinity setup before startup (bsc#1193231). * x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes). 
* x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() (git-fixes). * x86/paravirt: Fix callee-saved function ELF sizes (git-fixes). * x86/power: Fix 'nosmt' vs hibernation triple fault during resume (git-fixes). * x86/stacktrace: Prevent infinite loop in arch_stack_walk_user() (git-fixes). * x86/uaccess, signal: Fix AC=1 bloat (git-fixes). * x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001 jsc#ECO-3191). * x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). * x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). * xen-netfront: Fix NULL sring after live migration (git-fixes). * xen-netfront: Fix mismatched rtnl_unlock (git-fixes). * xen-netfront: Fix race between device setup and open (git-fixes). * xen-netfront: Update features after registering netdev (git-fixes). * xen-netfront: enable device after manual module load (git-fixes). * xen-netfront: fix potential deadlock in xennet_remove() (git-fixes). * xen-netfront: wait xenbus state change when load module manually (git-fixes). * xen/netfront: fix waiting for xenbus state change (git-fixes). * xen/netfront: stop tx queues during live migration (git-fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1801=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1801=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1801=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.130.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.130.1 * kernel-azure-debugsource-4.12.14-16.130.1 * kernel-syms-azure-4.12.14-16.130.1 * kernel-azure-base-4.12.14-16.130.1 * kernel-azure-debuginfo-4.12.14-16.130.1 * kernel-azure-devel-4.12.14-16.130.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.130.1 * kernel-devel-azure-4.12.14-16.130.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.130.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.130.1 * kernel-azure-debugsource-4.12.14-16.130.1 * kernel-syms-azure-4.12.14-16.130.1 * kernel-azure-base-4.12.14-16.130.1 * kernel-azure-debuginfo-4.12.14-16.130.1 * kernel-azure-devel-4.12.14-16.130.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.130.1 * kernel-devel-azure-4.12.14-16.130.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.130.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.130.1 * kernel-azure-debugsource-4.12.14-16.130.1 * kernel-syms-azure-4.12.14-16.130.1 * kernel-azure-base-4.12.14-16.130.1 * kernel-azure-debuginfo-4.12.14-16.130.1 * kernel-azure-devel-4.12.14-16.130.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-source-azure-4.12.14-16.130.1 * 
kernel-devel-azure-4.12.14-16.130.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2021-3923.html * https://www.suse.com/security/cve/CVE-2022-20567.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1076830 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1181001 * https://bugzilla.suse.com/show_bug.cgi?id=1193231 * https://bugzilla.suse.com/show_bug.cgi?id=1199837 * https://bugzilla.suse.com/show_bug.cgi?id=1203693 * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1207001 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1207890 * https://bugzilla.suse.com/show_bug.cgi?id=1208048 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208850 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209118 * https://bugzilla.suse.com/show_bug.cgi?id=1209126 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209572 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209778 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://jira.suse.com/browse/ECO-3191 From sle-updates at lists.suse.com Tue Apr 11 12:01:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2023 14:01:54 +0200 (CEST) Subject: SUSE-IU-2023:219-1: Security update of suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2 Message-ID: <20230411120154.B3AC3F370@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:219-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2:20230410 Image Release : Severity : critical Type : security References : 1166486 1176785 1177529 1178233 1185232 1185261 1185441 1185621 1187071 1187260 1193282 1193629 1197534 1197617 1198438 1198458 1198458 1199282 1199756 1200710 1201066 1201490 1202120 1202353 1202633 1202890 1203200 1203201 1203248 1203249 1203331 1203332 1203355 1203410 1203715 1203746 1204363 1204548 1204956 1204993 1205200 1205375 1205544 1205554 1205570 1205588 1205636 1205846 1206065 1206103 1206224 1206232 1206235 1206459 1206483 1206492 1206493 1206640 1206772 1206781 1206824 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206889 1206894 1206935 1206949 1207022 1207051 1207270 1207294 1207328 1207416 1207529 
1207560 1207571 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207613 1207615 1207617 1207618 1207619 1207620 1207621 1207623 1207624 1207625 1207626 1207628 1207630 1207631 1207632 1207634 1207635 1207636 1207638 1207639 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207651 1207653 1207723 1207770 1207773 1207780 1207843 1207845 1207853 1207875 1207957 1207975 1207996 1208036 1208149 1208153 1208179 1208183 1208212 1208290 1208358 1208420 1208428 1208429 1208432 1208449 1208471 1208534 1208541 1208570 1208595 1208598 1208599 1208601 1208603 1208605 1208607 1208628 1208700 1208741 1208759 1208776 1208777 1208784 1208787 1208816 1208828 1208837 1208843 1208848 1208924 1208925 1208926 1208957 1208959 1208998 1209001 1209008 1209017 1209018 1209019 1209159 1209188 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209256 1209258 1209262 1209291 1209361 1209362 1209436 1209457 1209481 1209483 1209485 1209504 1209533 1209624 CVE-2022-23471 CVE-2022-28737 CVE-2022-29217 CVE-2022-32746 CVE-2022-3523 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0512 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23559 CVE-2023-23931 CVE-2023-24329 CVE-2023-25012 CVE-2023-26545 CVE-2023-27320 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28328 CVE-2023-28486 CVE-2023-28487 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230410-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2633-1 Released: Wed Aug 3 10:33:50 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:722-1 Released: Tue Mar 14 14:57:15 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1209001 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP 800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. 
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide by zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. 
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:785-1 Released: Thu Mar 16 19:34:43 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. 
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:790-1
Released: Fri Mar 17 05:20:00 2023
Summary: Recommended update for kexec-tools
Type: recommended
Severity: important
References: 1203410

This update for kexec-tools fixes the following issues:

- Remove ram_top restriction (bsc#1203410)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:794-1
Released: Fri Mar 17 08:42:12 2023
Summary: Security update for python-PyJWT
Type: security
Severity: critical
References: 1176785,1199282,1199756,CVE-2022-29217

This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756).
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 2.4.0 (bsc#1199756)
- Explicit check the key for ECAlgorithm
- Don't use implicit optionals
- documentation fix: show correct scope
- fix: Update copyright information
- Don't mutate options dictionary in .decode_complete()
- Add support for Python 3.10
- api_jwk: Add PyJWKSet.__getitem__
- Update usage.rst
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding
- Fixed typo in usage.rst
- Add detached payload support for JWS encoding and decoding
- Replace various string interpolations with f-strings by
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:795-1
Released: Fri Mar 17 09:13:12 2023
Summary: Security update for docker
Type: security
Severity: moderate
References: 1205375,1206065,CVE-2022-36109

This update for docker fixes the following issues:

Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023

Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021

Security issues fixed:

- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:848-1
Released: Tue Mar 21 13:28:38 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334

This update for xen fixes the following issues:

- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released: Wed Mar 22 09:41:01 2023
Summary: Security update for python3
Type: security
Severity: important
References: 1203355,1208471,CVE-2023-24329

This update for python3 fixes the following issues:

- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1586-1
Released: Mon Mar 27 13:02:52 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1200710,1203746,1206781,1207022,1207843

This update for nfs-utils fixes the following issues:

- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843)
- Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
- Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1628-1
Released: Tue Mar 28 12:28:51 2023
Summary: Security update for containerd
Type: security
Severity: important
References: 1206235,CVE-2022-23471

This update for containerd fixes the following issues:

- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
  * https://github.com/containerd/containerd/releases/tag/v1.6.16
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1636-1
Released: Tue Mar 28 13:26:02 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1207853

This update for suse-module-tools fixes the following issues:

- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1665-1
Released: Wed Mar 29 12:55:13 2023
Summary: Security update for sudo
Type: security
Severity: moderate
References: 1203201,1206483,1206772,1208595,1209361,1209362,CVE-2023-27320,CVE-2023-28486,CVE-2023-28487

This update for sudo fixes the following issue:

Security issues:

- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).

Bug fixes:

- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1670-1
Released: Wed Mar 29 13:47:50 2023
Summary: Recommended update for cpupower
Type: recommended
Severity: moderate
References: 1202890

This update for cpupower fixes the following issues:

- Replace error with a warning if perf is unavailable (bsc#1202890)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1689-1
Released: Wed Mar 29 18:34:08 2023
Summary: Security update for ldb, samba
Type: security
Severity: important
References: 1201490,1207416,1207723,1207996,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922

This update for ldb, samba fixes the following issues:

ldb:

- CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).

samba:

- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).

The following non-security bugs were fixed:

- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1697-1
Released: Thu Mar 30 11:37:19 2023
Summary: Recommended update for bind
Type: recommended
Severity: moderate
References:

This update for bind fixes the following issues:

- A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to delayed cleaning of view memory.
- The speed of the message digest algorithms (MD5, SHA-1, SHA-2) and of NSEC3 hashing has been improved.
- Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. (jsc#SLE-24600)
- Updated keyring and signature
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1702-1
Released: Thu Mar 30 15:23:23 2023
Summary: Security update for shim
Type: security
Severity: important
References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737

This update for shim fixes the following issues:

- Updated shim signature after shim 15.7 was signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)

Update to 15.7 (bsc#1198458) (jsc#PED-127):

- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7

Other fixes:

- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282)

Update to 15.6 (bsc#1198458):

- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela

Update to 15.5 (bsc#1198458):

- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1710-1
Released: Fri Mar 31 13:21:39 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1166486,1177529,1193629,1197534,1197617,1198438,1202353,1202633,1203200,1203331,1203332,1204363,1204993,1205544,1205846,1206103,1206224,1206232,1206459,1206492,1206493,1206640,1206824,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206889,1206894,1206935,1207051,1207270,1207328,1207529,1207560,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207603,1207605,1207606,1207607,1207608,1207609,1207610,1207613,1207615,1207617,1207618,1207619,1207620,1207621,1207623,1207624,1207625,1207626,1207628,1207630,1207631,1207632,1207634,1207635,1207636,1207638,1207639,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207651,1207653,1207770,1207773,1207845,1207875,1208149,1208153,1208179,1208183,1208212,1208290,1208420,1208428,1208429,1208449,1208534,1208541,1208570,1208598,1208599,1208601,1208603,1208605,1208607,1208628,1208700,1208741,1208759,1208776,1208777,1208784,1208787,1208816,1208837,1208843,1208848,1209008,1209159,1209188,1209256,1209258,1209262,1209291,1209436,1209457,1209504,CVE-2022-3523,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0461,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23004,CVE-2023-23559,CVE-2023-25012,CVE-2023-26545,CVE-2023-28328

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lack of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).

The following non-security bugs were fixed:

- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi/x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add cherry-picked id for nouveau patch
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fix page corruption caused by racy check in __free_pages (bsc#1208149).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcv3: handle out-of-order write replies (bsc#1205544).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). 
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). 
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). 
- perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). 
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). 
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). 
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd references in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string.
    user at localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
    ...
    path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
    path = /usr/src/linux-5.14.21-150500.41/Documentation
    path = /usr/src/linux-5.14.21-150500.41
    path = /usr/src
    path = /usr
    path =
    path =
    path =
    ... # Stuck in an infinite loop
  This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/group-source-files.pl: Fix output difference when / is in location
  While the previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still results in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). 
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). 
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). 
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). 
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). 
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). 
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). 
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1717-1
Released: Fri Mar 31 15:18:35 2023
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1209188
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1753-1
Released: Tue Apr 4 11:55:00 2023
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References:
This update for systemd-presets-common-SUSE fixes the following issue:
- Enable systemd-pstore.service by default (jsc#PED-2663)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432
This update for systemd fixes the following issues:
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:
- bind-utils-9.16.38-150400.5.20.2 updated
- containerd-ctr-1.6.16-150000.82.2 updated
- containerd-1.6.16-150000.82.2 updated
- cpupower-5.14-150400.3.3.1 updated
- curl-7.79.1-150400.5.18.1 updated
- docker-20.10.23_ce-150000.175.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated
- glibc-2.31-150300.46.1 updated
- grub2-i386-pc-2.06-150400.11.25.1 updated
- grub2-x86_64-efi-2.06-150400.11.25.1 updated
- grub2-2.06-150400.11.25.1 updated
- kernel-default-5.14.21-150400.24.55.3 updated
- kexec-tools-2.0.20-150400.16.3.1 updated
- libcpupower0-5.14-150400.3.3.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libgcrypt20-1.9.4-150400.6.8.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libldb2-2.4.4-150400.4.11.1 updated
- libopenssl1_1-1.1.1l-150400.7.31.2 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- libsolv-tools-0.7.23-150400.3.3.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libudev1-249.16-150400.8.25.7 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libzypp-17.31.8-150400.3.14.1 updated
- mokutil-0.5.0-150400.3.3.1 added
- nfs-client-2.1.1-150100.10.32.1 updated
- openssl-1_1-1.1.1l-150400.7.31.2 updated
- python3-PyJWT-2.4.0-150200.3.6.2 updated
- python3-base-3.6.15-150300.10.45.1 updated
- python3-bind-9.16.38-150400.5.20.2 updated
- python3-cryptography-3.3.2-150400.16.6.1 updated
- python3-3.6.15-150300.10.45.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- samba-client-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- samba-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- shim-15.7-150300.4.11.1 updated
- sudo-1.9.9-150400.4.26.1 updated
- suse-build-key-12.0-150000.8.31.1 updated
- suse-module-tools-15.4.16-150400.3.8.1 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- systemd-sysvinit-249.16-150400.8.25.7 updated
- systemd-249.16-150400.8.25.7 updated
- udev-249.16-150400.8.25.7 updated
- vim-data-common-9.0.1386-150000.5.37.1 updated
- vim-9.0.1386-150000.5.37.1 updated
- xen-libs-4.16.3_06-150400.4.25.1 updated
- zstd-1.5.0-150400.3.3.1 updated
- zypper-1.14.59-150400.3.12.2 updated
- dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 removed
- python3-ecdsa-0.13.3-3.7.1 removed

From sle-updates at lists.suse.com Tue Apr 11 12:02:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 14:02:05 +0200 (CEST)
Subject: SUSE-IU-2023:220-1: Security update of suse-sles-15-sp4-chost-byos-v20230410-hvm-ssd-x86_64
Message-ID: <20230411120205.0F755F370@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230410-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:220-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230410-hvm-ssd-x86_64:20230410
Image Release :
Severity : critical
Type : security
References : 1166486
1176785 1177529 1178233 1185232 1185261 1185441 1185621 1187071 1187260 1193282 1193629 1197534 1197617 1198438 1198458 1198458 1199282 1199756 1200710 1201066 1201490 1202120 1202353 1202633 1202890 1203200 1203201 1203248 1203249 1203331 1203332 1203355 1203410 1203715 1203746 1204363 1204548 1204956 1204993 1205200 1205375 1205544 1205554 1205570 1205588 1205636 1205846 1206065 1206103 1206224 1206232 1206235 1206459 1206483 1206492 1206493 1206640 1206772 1206781 1206824 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206889 1206894 1206935 1206949 1207022 1207051 1207270 1207294 1207328 1207416 1207529 1207560 1207571 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207613 1207615 1207617 1207618 1207619 1207620 1207621 1207623 1207624 1207625 1207626 1207628 1207630 1207631 1207632 1207634 1207635 1207636 1207638 1207639 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207651 1207653 1207723 1207770 1207773 1207780 1207843 1207845 1207853 1207875 1207957 1207975 1207996 1208036 1208149 1208153 1208179 1208183 1208212 1208290 1208358 1208420 1208428 1208429 1208432 1208449 1208471 1208534 1208541 1208570 1208595 1208598 1208599 1208601 1208603 1208605 1208607 1208628 1208700 1208741 1208759 1208776 1208777 1208784 1208787 1208816 1208828 1208837 1208843 1208848 1208924 1208925 1208926 1208957 1208959 1208998 1209001 1209008 1209017 1209018 1209019 1209159 1209188 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209256 1209258 1209262 1209291 1209361 1209362 1209436 1209457 1209481 1209483 1209485 1209504 1209533 1209624 CVE-2022-23471 CVE-2022-28737 CVE-2022-29217 CVE-2022-32746 CVE-2022-3523 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0512 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 
CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23559 CVE-2023-23931 CVE-2023-24329 CVE-2023-25012 CVE-2023-26545 CVE-2023-27320 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28328 CVE-2023-28486 CVE-2023-28487
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20230410-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2633-1
Released: Wed Aug 3 10:33:50 2022
Summary: Security update for mokutil
Type: security
Severity: moderate
References: 1198458
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy.
- mokutil --list-sbat-revocations to list the current SBAT revocations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:713-1
Released: Mon Mar 13 10:25:04 2023
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References:
This update for suse-build-key fixes the following issues:
This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023. (jsc#PED-2777)
- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294
This update for rpm fixes the following issues:
- Fix missing python(abi) for 3.XX versions (bsc#1207294)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:722-1
Released: Tue Mar 14 14:57:15 2023
Summary: Security update for python-cryptography
Type: security
Severity: moderate
References: 1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:743-1
Released: Wed Mar 15 11:18:23 2023
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1209001
This update for gnutls fixes the following issues:
FIPS: Establish PBKDF2 additional requirements [bsc#1209001]
  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP 800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.
This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:781-1
Released: Thu Mar 16 19:07:00 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:782-1
Released: Thu Mar 16 19:08:34 2023
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1208924,1208925,1208926
This update for libgcrypt fixes the following issues:
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
- FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:783-1
Released: Thu Mar 16 19:09:03 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1208998
This update for openssl-1_1 fixes the following issues:
FIPS: Service-level indicator changes [bsc#1208998]
  * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:785-1
Released: Thu Mar 16 19:34:43 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1205200,1205554
This update for grub2 fixes the following issues:
- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:788-1
Released: Thu Mar 16 19:37:59 2023
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons
libzypp:
- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)
zypper:
- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:790-1
Released: Fri Mar 17 05:20:00 2023
Summary: Recommended update for kexec-tools
Type: recommended
Severity: important
References: 1203410
This update for kexec-tools fixes the following issues:
- Remove ram_top restriction (bsc#1203410)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:794-1
Released: Fri Mar 17 08:42:12 2023
Summary: Security update for python-PyJWT
Type: security
Severity: critical
References: 1176785,1199282,1199756,CVE-2022-29217
This update for python-PyJWT fixes the following issues:
- CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756).
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 2.4.0 (bsc#1199756)
- Explicit check the key for ECAlgorithm
- Don't use implicit optionals
- documentation fix: show correct scope
- fix: Update copyright information
- Don't mutate options dictionary in .decode_complete()
- Add support for Python 3.10
- api_jwk: Add PyJWKSet.__getitem__
- Update usage.rst
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding
- Fixed typo in usage.rst
- Add detached payload support for JWS encoding and decoding
- Replace various string interpolations with f-strings by
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:795-1
Released: Fri Mar 17 09:13:12 2023
Summary: Security update for docker
Type: security
Severity: moderate
References: 1205375,1206065,CVE-2022-36109
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:848-1
Released: Tue Mar 21 13:28:38 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released: Wed Mar 22 09:41:01 2023
Summary: Security update for python3
Type: security
Severity: important
References: 1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1586-1
Released: Mon Mar 27 13:02:52 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1200710,1203746,1206781,1207022,1207843
This update for nfs-utils fixes the following issues:
- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843)
- Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
- Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1628-1
Released: Tue Mar 28 12:28:51 2023
Summary: Security update for containerd
Type: security
Severity: important
References: 1206235,CVE-2022-23471
This update for containerd fixes the following issues:
- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
  * https://github.com/containerd/containerd/releases/tag/v1.6.16
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1636-1
Released: Tue Mar 28 13:26:02 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1207853
This update for suse-module-tools fixes the following issues:
- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1665-1
Released: Wed Mar 29 12:55:13 2023
Summary: Security update for sudo
Type: security
Severity: moderate
References: 1203201,1206483,1206772,1208595,1209361,1209362,CVE-2023-27320,CVE-2023-28486,CVE-2023-28487
This update for sudo fixes the following issues:
Security issues:
- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).
Bug fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1670-1
Released: Wed Mar 29 13:47:50 2023
Summary: Recommended update for cpupower
Type: recommended
Severity: moderate
References: 1202890
This update for cpupower fixes the following issues:
- Replace error with a warning if perf is unavailable (bsc#1202890)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1689-1
Released: Wed Mar 29 18:34:08 2023
Summary: Security update for ldb, samba
Type: security
Severity: important
References: 1201490,1207416,1207723,1207996,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bugs were fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1697-1
Released: Thu Mar 30 11:37:19 2023
Summary: Recommended update for bind
Type: recommended
Severity: moderate
References:
This update for bind fixes the following issues:
- A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to delayed cleaning of view memory.
- The speed of the message digest algorithms (MD5, SHA-1, SHA-2) and of NSEC3 hashing has been improved.
- Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. (jsc#SLE-24600)
- Updated keyring and signature
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1702-1
Released: Thu Mar 30 15:23:23 2023
Summary: Security update for shim
Type: security
Severity: important
References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 was signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
  (bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1710-1
Released: Fri Mar 31 13:21:39 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
1166486,1177529,1193629,1197534,1197617,1198438,1202353,1202633,1203200,1203331,1203332,1204363,1204993,1205544,1205846,1206103,1206224,1206232,1206459,1206492,1206493,1206640,1206824,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206889,1206894,1206935,1207051,1207270,1207328,1207529,1207560,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207603,1207605,1207606,1207607,1207608,1207609,1207610,1207613,1207615,1207617,1207618,1207619,1207620,1207621,1207623,1207624,1207625,1207626,1207628,1207630,1207631,1207632,1207634,1207635,1207636,1207638,1207639,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207651,1207653,1207770,1207773,1207845,1207875,1208149,1208153,1208179,1208183,1208212,1208290,1208420,1208428,1208429,1208449,1208534,1208541,1208570,1208598,1208599,1208601,1208603,1208605,1208607,1208628,1208700,1208741,1208759,1208776,1208777,1208784,1208787,1208816,1208837,1208843,1208848,1209008,1209159,1209188,1209256,1209258,1209262,1209291,1209436,1209457,1209504,CVE-2022-3523,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0461,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23004,CVE-2023-23559,CVE-2023-25012,CVE-2023-26545,CVE-2023-28328 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bug fixes. - CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). 
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed the lack of certain platform_device_put and kfree calls in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi/x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). 
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add cherry-picked id for nouveau patch - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). 
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). 
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). 
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). 
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). 
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). 
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). 
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). 
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). 
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). 
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). 
- drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). 
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). 
- ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). 
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). 
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). 
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). 
- ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). 
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). 
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). 
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). 
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). 
- nfcv3: handle out-of-order write replies (bsc#1205544). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). 
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). 
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). 
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). 
- perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). 
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). 
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). 
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd references in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes). 
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string. user at localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/group-source-files.pl: Fix output difference when / is in location While the previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still results in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529). 
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). 
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). 
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). 
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). 
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). 
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). 
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). 
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1717-1 Released: Fri Mar 31 15:18:35 2023 Summary: Security update for grub2 Type: security Severity: moderate References: 1209188 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - bind-utils-9.16.38-150400.5.20.2 updated - containerd-ctr-1.6.16-150000.82.2 updated - containerd-1.6.16-150000.82.2 updated - cpupower-5.14-150400.3.3.1 updated - curl-7.79.1-150400.5.18.1 updated - docker-20.10.23_ce-150000.175.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - grub2-i386-pc-2.06-150400.11.25.1 updated - grub2-x86_64-efi-2.06-150400.11.25.1 updated - grub2-x86_64-xen-2.06-150400.11.25.1 updated - grub2-2.06-150400.11.25.1 updated - kernel-default-5.14.21-150400.24.55.3 updated - kexec-tools-2.0.20-150400.16.3.1 updated - libcpupower0-5.14-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libgnutls30-3.7.3-150400.4.35.1 updated - libldb2-2.4.4-150400.4.11.1 updated - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - libsolv-tools-0.7.23-150400.3.3.1 updated -
libstdc++6-12.2.1+git416-150000.1.7.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libudev1-249.16-150400.8.25.7 updated - libzstd1-1.5.0-150400.3.3.1 updated - libzypp-17.31.8-150400.3.14.1 updated - mokutil-0.5.0-150400.3.3.1 added - nfs-client-2.1.1-150100.10.32.1 updated - openssl-1_1-1.1.1l-150400.7.31.2 updated - openssl-1.1.1l-150400.1.5 added - python3-PyJWT-2.4.0-150200.3.6.2 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-bind-9.16.38-150400.5.20.2 updated - python3-cryptography-3.3.2-150400.16.6.1 updated - python3-3.6.15-150300.10.45.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - samba-client-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated - samba-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated - shim-15.7-150300.4.11.1 updated - sudo-1.9.9-150400.4.26.1 updated - suse-build-key-12.0-150000.8.31.1 updated - suse-module-tools-15.4.16-150400.3.8.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - systemd-sysvinit-249.16-150400.8.25.7 updated - systemd-249.16-150400.8.25.7 updated - udev-249.16-150400.8.25.7 updated - vim-data-common-9.0.1386-150000.5.37.1 updated - vim-9.0.1386-150000.5.37.1 updated - xen-libs-4.16.3_06-150400.4.25.1 updated - xen-tools-domU-4.16.3_06-150400.4.25.1 updated - zstd-1.5.0-150400.3.3.1 updated - zypper-1.14.59-150400.3.12.2 updated - dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 removed - python3-ecdsa-0.13.3-3.7.1 removed From sle-updates at lists.suse.com Tue Apr 11 12:02:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2023 14:02:17 +0200 (CEST) Subject: SUSE-IU-2023:221-1: Security update of sles-15-sp4-chost-byos-v20230410-arm64 Message-ID: <20230411120217.CAD2BF370@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230410-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:221-1 Image Tags : 
sles-15-sp4-chost-byos-v20230410-arm64:20230410 Image Release : Severity : important Type : security References : 1166486 1177529 1178233 1185232 1185261 1185441 1185621 1186689 1187071 1187260 1193282 1193629 1197534 1197617 1198438 1198458 1198458 1200710 1201066 1201490 1202120 1202353 1202633 1202890 1203200 1203201 1203248 1203249 1203331 1203332 1203355 1203410 1203715 1203746 1204363 1204548 1204956 1204993 1205200 1205375 1205544 1205554 1205570 1205588 1205636 1205846 1206065 1206103 1206224 1206232 1206235 1206459 1206483 1206492 1206493 1206640 1206772 1206781 1206824 1206876 1206877 1206878 1206880 1206881 1206882 1206883 1206884 1206885 1206886 1206889 1206894 1206935 1206949 1207022 1207051 1207270 1207294 1207328 1207416 1207435 1207529 1207560 1207571 1207588 1207589 1207590 1207591 1207592 1207593 1207594 1207603 1207605 1207606 1207607 1207608 1207609 1207610 1207613 1207615 1207617 1207618 1207619 1207620 1207621 1207623 1207624 1207625 1207626 1207628 1207630 1207631 1207632 1207634 1207635 1207636 1207638 1207639 1207641 1207642 1207643 1207644 1207645 1207646 1207647 1207648 1207651 1207653 1207723 1207770 1207773 1207780 1207843 1207845 1207853 1207875 1207957 1207975 1207996 1208001 1208075 1208149 1208153 1208179 1208183 1208212 1208290 1208358 1208420 1208428 1208429 1208432 1208449 1208471 1208534 1208541 1208570 1208595 1208598 1208599 1208601 1208603 1208605 1208607 1208628 1208700 1208741 1208759 1208776 1208777 1208784 1208787 1208816 1208828 1208837 1208843 1208848 1208924 1208925 1208926 1208957 1208959 1208998 1209001 1209008 1209017 1209018 1209019 1209159 1209188 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209256 1209258 1209262 1209291 1209361 1209362 1209436 1209457 1209481 1209483 1209485 1209504 1209533 1209550 1209564 1209624 CVE-2022-23471 CVE-2022-28737 CVE-2022-32746 CVE-2022-3523 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-4899 
CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0512 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23559 CVE-2023-24329 CVE-2023-25012 CVE-2023-26545 CVE-2023-27320 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28328 CVE-2023-28486 CVE-2023-28487 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230410-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2633-1 Released: Wed Aug 3 10:33:50 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations to list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys (for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to in mid-2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:743-1 Released: Wed Mar 15 11:18:23 2023 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1209001 This update for gnutls fixes the following issues: FIPS: Establish PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec. 5.2) * Set the minimum passlen to 20 characters (SP 800-132 sec. 5) * Add regression tests for the new PBKDF2 requirements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. 
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:785-1 Released: Thu Mar 16 19:34:43 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. 
- Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:790-1 Released: Fri Mar 17 05:20:00 2023 Summary: Recommended update for kexec-tools Type: recommended Severity: important References: 1203410 This update for kexec-tools fixes the following issues: - Remove ram_top restriction (bsc#1203410) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:795-1 Released: Fri Mar 17 09:13:12 2023 Summary: Security update for docker Type: security Severity: moderate References: 1205375,1206065,CVE-2022-36109 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:848-1 Released: Tue Mar 21 13:28:38 2023 Summary: Security update for xen Type: security Severity: important References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1628-1 Released: Tue Mar 28 12:28:51 2023 Summary: Security update for containerd Type: security Severity: important References: 1206235,CVE-2022-23471 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. 
* https://github.com/containerd/containerd/releases/tag/v1.6.16 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1636-1 Released: Tue Mar 28 13:26:02 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1207853 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1665-1 Released: Wed Mar 29 12:55:13 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1206772,1208595,1209361,1209362,CVE-2023-27320,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security issues: - CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362) - CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361) - CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595). Bug fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483) - If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1670-1 Released: Wed Mar 29 13:47:50 2023 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: 1202890 This update for cpupower fixes the following issues: - Replace error with a warning if perf is unavailable (bsc#1202890) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1689-1 Released: Wed Mar 29 18:34:08 2023 Summary: Security update for ldb, samba Type: security Severity: important References: 1201490,1207416,1207723,1207996,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bugs were fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). 
- Ship missing samba-winbind-libs-32bit package (bsc#1207996) - Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1697-1 Released: Thu Mar 30 11:37:19 2023 Summary: Recommended update for bind Type: recommended Severity: moderate References: This update for bind fixes the following issues: - A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to delayed cleaning of view memory. - The speed of the message digest algorithms (MD5, SHA-1, SHA-2) and of NSEC3 hashing has been improved. - Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. (jsc#SLE-24600) - Updated keyring and signature ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1702-1 Released: Thu Mar 30 15:23:23 2023 Summary: Security update for shim Type: security Severity: important References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. 
- [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. 
- mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. 
(bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1710-1 Released: Fri Mar 31 13:21:39 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1166486,1177529,1193629,1197534,1197617,1198438,1202353,1202633,1203200,1203331,1203332,1204363,1204993,1205544,1205846,1206103,1206224,1206232,1206459,1206492,1206493,1206640,1206824,1206876,1206877,1206878,1206880,1206881,1206882,1206883,1206884,1206885,1206886,1206889,1206894,1206935,1207051,1207270,1207328,1207529,1207560,1207588,1207589,1207590,1207591,1207592,1207593,1207594,1207603,1207605,1207606,1207607,1207608,1207609,1207610,1207613,1207615,1207617,1207618,1207619,1207620,1207621,1207623,1207624,1207625,1207626,1207628,1207630,1207631,1207632,1207634,1207635,1207636,1207638,1207639,1207641,1207642,1207643,1207644,1207645,1207646,1207647,1207648,1207651,1207653,1207770,1207773,1207845,1207875,1208149,1208153,1208179,1208183,1208212,1208290,1208420,1208428,1208429,1208449,1208534,1208541,1208570,1208598,1208599,1208601,1208603,1208605,1208607,1208628,1208700,1208741,1208759,1208776,1208777,1208784,1208787,1208816,1208837,1208843,1208848,1209008,1209159,1209188,1209256,1209258,1209262,1209291,1209436,1209457,1209504,CVE-2022-3523,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0461,CVE-2023-0597,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23004,CVE-2023-23559,CVE-2023-25012,CVE-2023-26545,CVE-2023-28328 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. - CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363). - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). 
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lack of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). The following non-security bugs were fixed: - [infiniband] READ is 'data destination', not source... (git-fixes) - [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes). - acpi/x86: Add support for LPS0 callback handler (git-fixes). - acpi: Do not build ACPICA with '-Os' (git-fixes). - acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). - acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). - acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). - acpi: battery: Fix missing NUL-termination with large strings (git-fixes). - acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes). - acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes). 
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). - acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). - acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). - acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). - acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). - acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). - acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). - acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). - acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). - acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). - acpica: Drop port I/O validation for some regions (git-fixes). - acpica: nsrepair: handle cases without a return value correctly (git-fixes). - add cherry-picked id for nouveau patch - alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). - alsa: hda/ca0132: minor fix for allocation size (git-fixes). - alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). - alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). - alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). - alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). - alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes). - alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - alsa: hda: Do not unset preset when cleaning up codec (git-fixes). - alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes). 
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). - alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). - alsa: pci: lx6464es: fix a debug loop (git-fixes). - applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). - arm64: Treat ESR_ELx as a 64-bit register (git-fixes) - arm64: atomics: remove LL/SC trampolines (git-fixes) - arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes) - arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes) - arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes). - arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes). - arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes). - arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes). - arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes). - arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes). - arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes). - arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes). - arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes). - arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes) - arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). - arm64: dts: juno: Add missing MHU secure-irq (git-fixes) - arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). - arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes). - arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). 
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). - arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). - arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes). - arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). - arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). - arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). - arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes). - arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). - arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes). - arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes). - arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). - arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes). - arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes). - arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes). - arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). - arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). - arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes). - arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). - arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes). - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes). - arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). 
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). - arm64: make is_ttbrX_addr() noinstr-safe (git-fixes) - arm64: mm: kfence: only handle translation faults (git-fixes) - arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). - arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). - arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). - arm: dts: am5748: keep usb4_tm disabled (git-fixes) - arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes). - arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). - arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). - arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). - arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes). - arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) - arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). - arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) - arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). - arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes). - arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). - arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) - arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) - arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). - arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). 
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) - arm: omap: remove debug-leds driver (git-fixes) - arm: remove some dead code (git-fixes) - arm: renumber bits related to _TIF_WORK_MASK (git-fixes) - arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). - arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) - arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). - asoc: Intel: boards: fix spelling in comments (git-fixes). - asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). - asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). - asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes). - asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). - asoc: adau7118: do not disable regulators on device unbind (git-fixes). - asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes). - asoc: codecs: lpass: fix incorrect mclk rate (git-fixes). - asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes). - asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes). - asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes). - asoc: cs42l56: fix DT probe (git-fixes). - asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). - asoc: fsl_sai: Update to modern clocking terminology (git-fixes). - asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes). - asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). - asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). - asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). - asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). - asoc: rsnd: fixup #endif position (git-fixes). 
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). - asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes). - asoc: soc-compress: Reposition and add pcm_mutex (git-fixes). - asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes). - asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). - asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). - asoc: zl38060 add gpiolib dependency (git-fixes). - asoc: zl38060: Remove spurious gpiolib select (git-fixes). - ath9k: hif_usb: simplify if-if to if-else (git-fixes). - ath9k: htc: clean up statistics macros (git-fixes). - auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes). - avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). - backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). - blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). - blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). - block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). - block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes). - block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). - block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes). - block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). - block: fix and cleanup bio_check_ro (git-fixes). - block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). - block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). - bluetooth: L2CAP: Fix potential user-after-free (git-fixes). - bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes). - bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). - bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes). 
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes). - bpf, x64: Factor out emission of REX byte in more cases (git-fixes). - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes). - bpf: Fix extable address check (git-fixes). - bpf: Fix extable fixup offset (git-fixes). - bpf: Skip task with pid=1 in send_signal_common() (git-fixes). - can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes). - ceph: flush cap releases when the session is flushed (bsc#1208428). - ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504). - cifs: Check the lease context if we actually got a lease (bsc#1193629). - cifs: Convert struct fealist away from 1-element array (bsc#1193629). - cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). - cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). - cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). - cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). - cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). - cifs: Fix warning and UAF when destroy the MR list (git-fixes). - cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). - cifs: Replace remaining 1-element arrays (bsc#1193629). - cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). - cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). - cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). - cifs: fix mount on old smb servers (boo#1206935). - cifs: get rid of dns resolve worker (bsc#1193629). - cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). - cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes). - cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). - cifs: match even the scope id for ipv6 addresses (bsc#1193629). 
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). - cifs: prevent data race in smb2_reconnect() (bsc#1193629). - cifs: print last update time for interface list (bsc#1193629). - cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). - cifs: return a single-use cfid if we did not get a lease (bsc#1193629). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). - cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). - cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). - cifs: use tcon allocation functions even for dummy tcon (git-fixes). - cifs: use the least loaded channel for sending requests (bsc#1193629). - clk: HI655X: select REGMAP instead of depending on it (git-fixes). - clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). - clk: imx: avoid memory leak (git-fixes). - clk: mxl: Add option to override gate clks (git-fixes). - clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). - clk: mxl: Remove redundant spinlocks (git-fixes). - clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes). - clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). - clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). - clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes). - clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). - clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). - clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). - clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes). - comedi: use menuconfig for main Comedi menu (git-fixes). - crypto: arm64 - Fix unused variable compilation warnings of (git-fixes) - crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes). 
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). - crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). - crypto: essiv - Handle EBUSY correctly (git-fixes). - crypto: qat - fix out-of-bounds read (git-fixes). - crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). - crypto: seqiv - Handle EBUSY correctly (git-fixes). - crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). - crypto: xts - Handle EBUSY correctly (git-fixes). - delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436) - dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). - dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). - dmaengine: dw-edma: Drop chancnt initialization (git-fixes). - dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). - dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes). - dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). - dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). - dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes). - dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes). - do not sign the vanilla kernel (bsc#1209008). - docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes). - docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes). - docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). - docs: gdbmacros: print newest record (git-fixes). - documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes). - documentation: simplify and clarify DCO contribution example language (git-fixes). - driver core: fix potential null-ptr-deref in device_add() (git-fixes). - driver core: fix resource leak in device_add() (git-fixes). 
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes). - drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). - drivers: base: transport_class: fix possible memory leak (git-fixes). - drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). - drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes). - drm/amd/display: Fix potential null-deref in dm_resume (git-fixes). - drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). - drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). - drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes). - drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes). - drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). - drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes). - drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes). - drm/bridge: lt8912b: Add hot plug detection (git-fixes). - drm/bridge: lt9611: fix HPD reenablement (git-fixes). - drm/bridge: lt9611: fix clock calculation (git-fixes). - drm/bridge: lt9611: fix polarity programming (git-fixes). - drm/bridge: lt9611: fix programming of video modes (git-fixes). - drm/bridge: lt9611: fix sleep mode setup (git-fixes). - drm/bridge: lt9611: pass a pointer to the of node (git-fixes). - drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes). - drm/connector: print max_requested_bpc in state debugfs (git-fixes). - drm/edid: fix AVI infoframe aspect ratio handling (git-fixes). - drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). - drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). - drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). 
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). - drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes). - drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes). - drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). - drm/i915: Fix VBT DSI DVO port handling (git-fixes). - drm/i915: Initialize the obj flags for shmem objects (git-fixes). - drm/mediatek: Clean dangling pointer on bind error path (git-fixes). - drm/mediatek: Drop unbalanced obj unref (git-fixes). - drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). - drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes). - drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). - drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes). - drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). - drm/msm/a5xx: fix context faults during ring switch (git-fixes). - drm/msm/a5xx: fix highest bank bit for a530 (git-fixes). - drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes). - drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes). - drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). - drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes). - drm/msm/dpu: Add check for cstate (git-fixes). - drm/msm/dpu: Add check for pstates (git-fixes). - drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). - drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). - drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes). - drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). - drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/gem: Add check for kmalloc (git-fixes). - drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/msm/mdp5: Add check for kzalloc (git-fixes). 
- drm/msm: Fix potential invalid ptr free (git-fixes). - drm/msm: clean event_thread->worker in case of an error (git-fixes). - drm/msm: use strscpy instead of strncpy (git-fixes). - drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes). - drm/nouveau/kms/nv50-: remove unused functions (git-fixes). - drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes). - drm/omap: dsi: Fix excessive stack usage (git-fixes). - drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). - drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes). - drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes). - drm/radeon: free iio for atombios when driver shutdown (git-fixes). - drm/shmem-helper: Remove another errant put in error path (git-fixes). - drm/sun4i: fix missing component unbind on bind errors (git-fixes). - drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes). - drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes). - drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes). - drm/vc4: hdmi: Correct interlaced timings again (git-fixes). - drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). - drm/vc4: hvs: Set AXI panic modes (git-fixes). - drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). - drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). - drm/vkms: Fix memory leak in vkms_init() (git-fixes). - drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). - drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes). - drm: amd: display: Fix memory leakage (git-fixes). - drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). - drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes). - drm: tidss: Fix pixel format definition (git-fixes). - dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). 
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). - dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). - dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes). - dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes). - dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). - dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). - eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). - efi: Accept version 2 of memory attributes table (git-fixes). - exit: Add and use make_task_dead (bsc#1207328). - exit: Allow oops_limit to be disabled (bsc#1207328). - exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). - exit: Move force_uaccess back into do_exit (bsc#1207328). - exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). - exit: Put an upper limit on how often we can oops (bsc#1207328). - exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). - exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). - ext4,f2fs: fix readahead of verity data (bsc#1207648). - ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: add helper to check quota inums (bsc#1207618). - ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). - ext4: add missing validation of fast-commit record lengths (bsc#1207626). - ext4: allocate extended attribute value in vmalloc area (bsc#1207635). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). 
- ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: disable fast-commit of encrypted dir operations (bsc#1207623). - ext4: do not allow journal inode to have encrypt flag (bsc#1207621). - ext4: do not increase iversion counter for ea_inodes (bsc#1207605). - ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). - ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). - ext4: drop ineligible txn start stop APIs (bsc#1207588). - ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). - ext4: factor out ext4_fc_get_tl() (bsc#1207615). - ext4: fast commit may miss file actions (bsc#1207591). - ext4: fast commit may not fallback for ineligible commit (bsc#1207590). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). - ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). - ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). - ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). - ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). - ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). - ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). 
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). - ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). - ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). - ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). - ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). - ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). - ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: goto right label 'failed_mount3a' (bsc#1207610). - ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). - ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). - ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). - ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: place buffer head allocation before handle start (bsc#1207607). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: simplify updating of fast commit stats (bsc#1207589). - ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - fbdev: omapfb: cleanup inconsistent indentation (git-fixes). 
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). - firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes). - firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). - firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes). - firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes). - firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). - firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes). - fix page corruption caused by racy check in __free_pages (bsc#1208149). - fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258). - fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). - fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). - fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). - gpio: vf610: connect GPIO label to dev name (git-fixes). - gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). - gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). - hid: Add Mapping for System Microphone Mute (git-fixes). - hid: asus: use spinlock to protect concurrent accesses (git-fixes). - hid: asus: use spinlock to safely schedule workers (git-fixes). - hid: bigben: use spinlock to protect concurrent accesses (git-fixes). - hid: bigben: use spinlock to safely schedule workers (git-fixes). - hid: bigben_probe(): validate report count (git-fixes). - hid: bigben_worker() remove unneeded check on report_field (git-fixes). - hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). - hid: elecom: add support for TrackBall 056E:011C (git-fixes). 
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes). - hid: multitouch: Add quirks for flipped axes (git-fixes). - hid: retain initial quirks set up when creating HID devices (git-fixes). - hv: fix comment typo in vmbus_channel/low_latency (git-fixes). - hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). - hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). - hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes). - hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes). - hwmon: (coretemp) Simplify platform device handling (git-fixes). - hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). - hwmon: (ina3221) return prober error code (git-fixes). - hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848). - hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). - hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes). - hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). - hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes). - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes). - hwmon: tmp512: drop of_match_ptr for ID table (git-fixes). - i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). - i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). - i2c: mxs: suppress probe-deferral error message (git-fixes). - i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). 
- ib/hfi1: Assign npages earlier (git-fixes) - ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes) - ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes) - ib/hfi1: Restore allocated resources on failed copyout (git-fixes) - ib/hfi1: Update RMT size calculation (git-fixes) - ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes). - iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes). - iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). - input: ads7846 - always set last command to PWRDOWN (git-fixes). - input: ads7846 - do not check penirq immediately for 7845 (git-fixes). - input: ads7846 - do not report pressure for ads7845 (git-fixes). - input: iqs269a - configure device with a single block write (git-fixes). - input: iqs269a - drop unused device node references (git-fixes). - input: iqs269a - increase interrupt handler return delay (git-fixes). - input: iqs626a - drop unused device node references (git-fixes). - interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes). - interconnect: fix mem leak when freeing nodes (git-fixes). - interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes). - iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) - iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes) - jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). - jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). 
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). - jbd2: fix potential buffer head reference count leak (bsc#1207644). - jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). - jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). - kABI workaround for hid quirks (git-fixes). - kABI: pci: Reduce warnings on possible RW1C corruption (kabi). - kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi). - kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). - kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). - kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). - kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes). - leds: led-class: Add missing put_device() to led_put() (git-fixes). - leds: led-core: Fix refcount leak in of_led_get() (git-fixes). - lib/mpi: Fix buffer overrun when SG is too long (git-fixes). - lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes). - locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). - locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). - locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). - locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). 
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). - locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). - locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). - locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). - locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). - locking: Add missing __sched attributes (bsc#1207270). - makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). - md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). - md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). - md: fix a crash in mempool_free (git-fixes). - media: coda: Add check for dcoda_iram_alloc (git-fixes). - media: coda: Add check for kmalloc (git-fixes). - media: i2c: imx219: Fix binning for RAW8 capture (git-fixes). - media: i2c: imx219: Split common registers from mode tables (git-fixes). - media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). - media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). - media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). - media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). - media: m5mols: fix off-by-one loop termination error (git-fixes). - media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). - media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). - media: ov5640: Fix analogue gain control (git-fixes). - media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). - media: platform: ti: Add missing check for devm_regulator_get (git-fixes). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). - media: rc: gpio-ir-recv: add remove function (git-fixes). 
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes). - media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). - media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes). - media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes). - media: uvcvideo: Check controls flags before accessing them (git-fixes). - media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes). - media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes). - media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes). - media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). - media: uvcvideo: Handle cameras with invalid descriptors (git-fixes). - media: uvcvideo: Handle errors from calls to usb_string (git-fixes). - media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes). - media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes). - media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes). - media: uvcvideo: Use control names from framework (git-fixes). - media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes). - media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes). - media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). - mei: bus-fixup:upon error print return values of send and receive (git-fixes). - mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes). - mfd: cs5535: Do not build on UML (git-fixes). - mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes). - misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). - misc: enclosure: Fix doc for enclosure_find() (git-fixes). - mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262). - mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). - mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). 
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes). - mmc: sdio: fix possible resource leaks in some error paths (git-fixes). - move upstreamed i915 and media fixes into sorted section - mt76: mt7915: fix polling firmware-own status (git-fixes). - mtd: dataflash: remove duplicate SPI ID table (git-fixes). - mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). - mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). - mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). - mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). - mtd: spi-nor: core: fix implicit declaration warning (git-fixes). - mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). - mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). - net/rose: Fix to not accept on connected socket (git-fixes). - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes). - net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). - net/x25: Fix to not accept on connected socket (git-fixes). - net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes). - net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes). - nfc: change order inside nfc_se_io error path (git-fixes). - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes). - nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). - nfc: pn533: initialize struct pn533_out_arg properly (git-fixes). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes). 
- nfsv3: handle out-of-order write replies (bsc#1205544). - nfs4: Fix kmemleak when allocate slot failed (git-fixes). - nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). - nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes). - nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). - nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes). - nfs: Further optimisations for 'ls -l' (git-fixes). - nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfs: nfsiod should not block forever in mempool_alloc() (git-fixes). - nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). - nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). - nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes). - nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes). - nfsd: Fix a memory leak in an error handling path (git-fixes). - nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes). - nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). - nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). - nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes). - nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes). - nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes). - nfsv4 expose nfs_parse_server_name function (git-fixes). - nfsv4 handle port presence in fs_location server string (git-fixes). - nfsv4 only print the label when its queried (git-fixes). - nfsv4 remove zero number of fs_locations entries error check (git-fixes). - nfsv4 store server support for fs_location attribute (git-fixes). - nfsv4.1 query for fs_location attr on a new file system (git-fixes). 
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). - nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). - nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). - nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes). - nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes). - nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes). - nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - nfsv4: Fix a potential state reclaim deadlock (git-fixes). - nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes). - nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). - nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - nvdimm: disable namespace on error (bsc#1166486). - nvme-auth: check chap ctrl_key once constructed (bsc#1202633). - nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). - nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). - nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). - nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). - nvme-auth: do not override ctrl keys before validation (bsc#1202633). - nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). - nvme-auth: do not use NVMe status codes (bsc#1202633). - nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). - nvme-auth: fix smatch warning complaints (bsc#1202633). - nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). 
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). - nvme-auth: mark nvme_auth_wq static (bsc#1202633). - nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). - nvme-auth: remove redundant auth_work flush (bsc#1202633). - nvme-auth: remove redundant buffer deallocations (bsc#1202633). - nvme-auth: remove redundant deallocations (bsc#1202633). - nvme-auth: remove redundant if statement (bsc#1202633). - nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). - nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). - nvme-auth: rename authentication work elements (bsc#1202633). - nvme-auth: use workqueue dedicated to authentication (bsc#1202633). - nvme-fabrics: show well known discovery name (bsc#1200054). - objtool: Add a missing comma to avoid string concatenation (bsc#1207328). - ocfs2: Fix data corruption after failed write (bsc#1208542). - ocfs2: clear dinode links count in case of error (bsc#1207650). - ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). - ocfs2: fix crash when mount with quota enabled (bsc#1207640). - ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). - ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). - ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). - ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). - ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). - panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). - panic: Introduce warn_limit (bsc#1207328). - panic: unset panic_on_warn inside panic() (bsc#1207328). - pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). - pci/pm: Always disable PTM for all devices during suspend (git-fixes). - pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes). - pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes). 
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). - pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes). - pci: Add ACS quirk for Wangxun NICs (git-fixes). - pci: Add SolidRun vendor ID (git-fixes). - pci: Align extra resources for hotplug bridges properly (git-fixes). - pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes). - pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes). - pci: Fix dropping valid root bus resources with .end = zero (git-fixes). - pci: Reduce warnings on possible RW1C corruption (git-fixes). - pci: Take other bus devices into account when distributing resources (git-fixes). - pci: Unify delay handling for reset and resume (git-fixes). - pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes). - pci: aardvark: Fix link training (git-fixes). - pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes). - pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes). - pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes). - pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes). - pci: qcom: Fix host-init error handling (git-fixes). - pci: qcom: Fix pipe clock imbalance (git-fixes). - pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). - pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes). - perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes). - perf/core: Call LSM hook after copying perf_event_attr (git fixes). - perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes). - perf/core: Inherit event_caps (git fixes). - perf/x86/amd: fix potential integer overflow on shift of a int (git fixes). - perf/x86/intel/ds: Fix precise store latency handling (git fixes). - perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes). 
- perf/x86/intel/pt: Fix sampling using single range output (git fixes). - perf/x86/intel/pt: Relax address filter validation (git fixes). - perf/x86/intel/uncore: Add Emerald Rapids (git fixes). - perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes). - perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes). - perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes). - perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes). - perf/x86/intel: Add Emerald Rapids (git fixes). - perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes). 
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes). - perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes). - perf/x86/intel: Fix event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for ADL (git fixes). - perf/x86/intel: Fix pebs event constraints for ICL (git fixes). - perf/x86/intel: Fix pebs event constraints for SPR (git fixes). - perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes). - perf/x86/msr: Add Emerald Rapids (git fixes). - perf/x86/rapl: Add support for Intel AlderLake-N (git fixes). - perf/x86/rapl: Treat Tigerlake like Icelake (git fixes). - perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes). - perf/x86/rapl: fix AMD event handling (git fixes). - perf/x86/uncore: Add Raptor Lake uncore support (git fixes). - perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes). - perf/x86/uncore: Add new Raptor Lake S support (git fixes). - perf/x86/uncore: Clean up uncore_pci_ids (git fixes). - perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492). - perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492). - perf: Always wake the parent event (git fixes). - perf: Fix possible memleak in pmu_dev_alloc() (git fixes). - phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes). - phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). - pinctrl: aspeed: Fix confusing types in return value (git-fixes). - pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes). 
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes). - pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes). - pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). - pinctrl: mediatek: fix coding style (git-fixes). - pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes). - pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes). - pinctrl: single: fix potential NULL dereference (git-fixes). - pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). - platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). - platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). - platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). - platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes). - platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes). - platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). - platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). - platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes). - powercap: fix possible name leak in powercap_register_zone() (git-fixes). - powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). - printf: fix errname.c list (git-fixes). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256). - pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes). - qede: avoid uninitialized entries in coal_entry array (bsc#1205846). - qede: fix interrupt coalescing configuration (bsc#1205846). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). - rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159). 
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes) - rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes) - rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes) - rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes) - rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) - rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes) - rdma/siw: Fix user page pinning accounting (git-fixes) - rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) - refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457). - regulator: Flag uncontrollable regulators as always_on (git-fixes). - regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes). - regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes). - regulator: max77802: Bounds check regulator id against opmode (git-fixes). - regulator: s5m8767: Bounds check id indexing into arrays (git-fixes). - remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). - remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). - replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd references in documentation and comments. - require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans. - revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes). - revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes). - revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes). - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script gets stuck in an infinite loop inside calc_dirs() where $path is an empty string. user at localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This works around the issue by breaking out of the loop once path is an empty string. For a proper fix we'd want something that is filesystem-aware, but this workaround should be enough for the rare occasion that this script is run manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still results in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output. - rpm/kernel-obs-build.spec.in: Remove SLE11 cruft - rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). - rtc: pm8xxx: fix set-alarm race (git-fixes). - rtc: sun6i: Always export the internal oscillator (git-fixes). - runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes). - s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). - s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). - scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). - scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). - scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). - scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). - scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). - scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). - scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). - scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). - scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). - scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). - scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). - scsi: qla2xxx: Fix erroneous link down (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). - scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). - scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). - scsi: qla2xxx: Fix printk() format string (bsc#1208570). - scsi: qla2xxx: Fix stalled login (bsc#1208570). - scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). - scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). - scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). - scsi: qla2xxx: Remove dead code (bsc#1208570). - scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). 
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). - scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). - scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). - scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). - scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). - scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). - scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). - scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). - scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). - scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). - scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes). - sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes). - selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes). - selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). - selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). - selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). - selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). - selftests/powerpc: Move perror closer to its use (bsc#1206232). - selftests: forwarding: lib: quote the sysctl values (git-fixes). - selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). - selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). - selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). - selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). - serial: 8250_em: Fix UART port type (git-fixes). - serial: 8250_fsl: fix handle_irq locking (git-fixes). 
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). - serial: qcom-geni: fix console shutdown hang (git-fixes). - serial: sc16is7xx: setup GPIO controller later in probe (git-fixes). - serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). - signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes). - signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). - signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes). - signal: Implement force_fatal_sig (git-fixes). - smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). - soundwire: cadence: Do not overflow the command FIFOs (git-fixes). - spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). - spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). - spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes). - spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes). - spi: tegra210-quad: Fix validate combined sequence (git-fixes). - staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes). - staging: mt7621-dts: change palmbus address to lower case (git-fixes). - struct uvc_device move flush_status new member to end (git-fixes). - sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes). - sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes). - sunrpc: Fix socket waits for write buffer space (git-fixes). - sunrpc: Return true/false (not 1/0) from bool functions (git-fixes). - supported.conf: Remove duplicate entry. - sysctl: add a new register_sysctl_init() interface (bsc#1207328). - thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). - thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes). - thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). 
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). - thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). - thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). - thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes). - thermal: intel: Fix unsigned comparison with less than zero (git-fixes). - thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes). - thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes). - thermal: intel: quark_dts: fix error pointer dereference (git-fixes). - tools/iio/iio_utils:fix memory leak (git-fixes). - tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes). - trace_events_hist: add check for return value of 'create_hist_field' (git-fixes). - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). - tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes). - tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes). - tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes). - tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes). - tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes). - tty: serial: imx: Handle RS485 DE signal active high (git-fixes). - tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes). - tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes). - ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). - update internal module version number for cifs.ko (bsc#1193629). - update suse/hid-bigben_probe-validate-report-count (bsc#1208605). - usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes). 
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). - usb: dwc3: core: Host wake up support from system suspend (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). - usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). - usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). - usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes). - usb: dwc3: qcom: clean up icc init (git-fixes). - usb: dwc3: qcom: clean up suspend callbacks (git-fixes). - usb: dwc3: qcom: fix gadget-only builds (git-fixes). - usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). - usb: dwc3: qcom: fix wakeup implementation (git-fixes). - usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). - usb: dwc3: qcom: suppress unused-variable warning (git-fixes). - usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes). - usb: ene_usb6250: Allocate enough memory for full object (git-fixes). - usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes). - usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes). - usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes). - usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes). - usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). - usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). - usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes). - usb: max-3421: Fix setting of I/O pins (git-fixes). - usb: musb: Add and use inline function musb_otg_state_string (git-fixes). - usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). - usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). - usb: musb: remove schedule work called after flush (git-fixes). 
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes). - usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). - usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes). - usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes). - usb: uvc: Enumerate valid values for color matching (git-fixes). - vc_screen: do not clobber return value in vcs_read (git-fixes). - vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). - vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). - vfio/type1: prevent underflow of locked_vm via exec() (git-fixes). - vfio/type1: restore locked_vm (git-fixes). - vfio/type1: track locked_vm per dma (git-fixes). - vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). - vfs: filename_create(): fix incorrect intent (bsc#1197534). - virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). - virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). - virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). - virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). - virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). - virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). - vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). - vmxnet3: move rss code block under eop descriptor (bsc#1208212). - watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617). - watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. - watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). - watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). - watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes). 
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). - wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). - wifi: ath11k: allow system suspend to survive ath11k (git-fixes). - wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). - wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes). - wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes). - wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). - wifi: ath9k: use proper statements in conditionals (git-fixes). - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes). - wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes). - wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes). - wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). - wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). - wifi: cfg80211: Fix use after free for wext (git-fixes). - wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes). - wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). - wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes). - wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes). - wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). - wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). 
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). - wifi: mt7601u: fix an integer underflow (git-fixes). - wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes). - wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). - wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes). - wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). - wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). - wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). - wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes). - wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes). - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). - wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). - wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). - wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - writeback: avoid use-after-free after removing device (bsc#1207638). - x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes). - x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). - x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848). - x86/asm: Fix an assembler warning with current binutils (git-fixes). - x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). 
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes). - x86/cpu: Add Raptor Lake to Intel family (git fixes). - x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes). - x86/cpu: Add new Raptor Lake CPU model number (git fixes). - x86/cpu: Add several Intel server CPU model numbers (git fixes). - x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes). - x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). - x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes). - x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes). - x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). - x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes). - x86/perf/zhaoxin: Add stepping check for ZXC (git fixes). - x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes). - x86/perf: Default set FREEZE_ON_SMI for all (git fixes). - x86/sgx: Fix free page accounting (git-fixes). - x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). - x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). - x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). - x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). - xen-netfront: Fix NULL sring after live migration (git-fixes). - xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). - xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) - xen/netback: do some code cleanup (git-fixes). - xen/netback: fix build warning (git-fixes). - xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes). - xen/platform-pci: add missing free_irq() in error path (git-fixes). - xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes). - xfs: estimate post-merge refcounts correctly (bsc#1208183). - xfs: hoist refcount record merge predicates (bsc#1208183). 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1717-1
Released:    Fri Mar 31 15:18:35 2023
Summary:     Security update for grub2
Type:        security
Severity:    moderate
References:  1209188

This update of grub2 fixes the following issues:

- rebuild the package with the new secure boot key (bsc#1209188).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released:    Fri Mar 31 15:47:34 2023
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1735-1
Released:    Mon Apr 3 12:34:01 2023
Summary:     Recommended update for nvme-cli
Type:        recommended
Severity:    important
References:  1186689,1207435,1208001,1208075,1209550,1209564

This update for nvme-cli fixes the following issues:

- Switch from quilt based to git based maintenance
- Sanitize traddr and trsvcid avoid buffer overrun (bsc#1207435)
- Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001)
- Build documentation to be up to date
- Fix build warning (git-fixes)
- Improvements for supported-log-pages (bsc#1209550)
- Fix read command (bsc#1209564)
- Fix mounting filesystems via fstab (bsc#1208075)
- Allow tracking unique discover controllers (bsc#1186689)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released:    Tue Apr 4 09:05:23 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1753-1
Released:    Tue Apr 4 11:55:00 2023
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    moderate
References:

This update for systemd-presets-common-SUSE fixes the following issue:

- Enable systemd-pstore.service by default (jsc#PED-2663)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released:    Thu Apr 6 08:16:58 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- bind-utils-9.16.38-150400.5.20.2 updated
- containerd-ctr-1.6.16-150000.82.2 updated
- containerd-1.6.16-150000.82.2 updated
- cpupower-5.14-150400.3.3.1 updated
- curl-7.79.1-150400.5.18.1 updated
- docker-20.10.23_ce-150000.175.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated
- glibc-2.31-150300.46.1 updated
- grub2-i386-pc-2.06-150400.11.25.1 updated
- grub2-x86_64-efi-2.06-150400.11.25.1 updated
- grub2-2.06-150400.11.25.1 updated
- kernel-default-5.14.21-150400.24.55.3 updated
- kexec-tools-2.0.20-150400.16.3.1 updated
- libcpupower0-5.14-150400.3.3.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libgcrypt20-1.9.4-150400.6.8.1 updated
- libgnutls30-3.7.3-150400.4.35.1 updated
- libldb2-2.4.4-150400.4.11.1 updated
- libnvme1-1.0+28.g0e21f3af122a-150400.3.18.1 updated
- libopenssl1_1-1.1.1l-150400.7.31.2 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- libsolv-tools-0.7.23-150400.3.3.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libudev1-249.16-150400.8.25.7 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libzypp-17.31.8-150400.3.14.1 updated
- mokutil-0.5.0-150400.3.3.1 added
- nfs-client-2.1.1-150100.10.32.1 updated
- nvme-cli-2.0+30.g86f82c58cb97-150400.3.15.1 updated
- openssl-1_1-1.1.1l-150400.7.31.2 updated
- openssl-1.1.1l-150400.1.5 added
- python3-base-3.6.15-150300.10.45.1 updated
- python3-bind-9.16.38-150400.5.20.2 updated
- python3-3.6.15-150300.10.45.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- samba-client-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- samba-libs-4.15.13+git.636.53d93c5b9d6-150400.3.23.1 updated
- shim-15.7-150300.4.11.1 updated
- sudo-1.9.9-150400.4.26.1 updated
- suse-build-key-12.0-150000.8.31.1 updated
- suse-module-tools-15.4.16-150400.3.8.1 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- systemd-sysvinit-249.16-150400.8.25.7 updated
- systemd-249.16-150400.8.25.7 updated
- udev-249.16-150400.8.25.7 updated
- vim-data-common-9.0.1386-150000.5.37.1 updated
- vim-9.0.1386-150000.5.37.1 updated
- xen-libs-4.16.3_06-150400.4.25.1 updated
- zstd-1.5.0-150400.3.3.1 updated
- zypper-1.14.59-150400.3.12.2 updated
- dracut-mkinitrd-deprecated-055+suse.331.g05b9ccb7-150400.3.16.1 removed

From sle-updates at lists.suse.com Tue Apr 11 12:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 12:30:04 -0000
Subject: SUSE-RU-2023:1813-1: low: Recommended update for open-vm-tools
Message-ID: <168121620457.2326.1897762544630539662@smelt2.suse.de>

# Recommended update for open-vm-tools

Announcement ID: SUSE-RU-2023:1813-1
Rating: low
References:

* #1208880

Affected Products:

* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that contains one feature and has one recommended fix can now be installed.

## Description:

This update for open-vm-tools fixes the following issue:

* Ship missing open-vm-tools-salt-minion package. (bsc#1208880)

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1813=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1813=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1813=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1813=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1813=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1813=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1813=1
* Desktop Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1813=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1813=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1813=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1813=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1813=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1813=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1813=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1813=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1813=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1813=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1813=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1813=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1813=1

## Package List:

* openSUSE Leap Micro 5.3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* openSUSE Leap 15.4 (aarch64 x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* openSUSE Leap 15.4 (x86_64)
  * open-vm-tools-salt-minion-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro 5.3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro 5.4 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* Basesystem Module 15-SP4 (aarch64 x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* Basesystem Module 15-SP4 (x86_64)
  * open-vm-tools-salt-minion-12.1.0-150300.23.5
* Desktop Applications Module 15-SP4 (aarch64 x86_64)
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-salt-minion-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-salt-minion-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Manager Proxy 4.2 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Manager Server 4.2 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Enterprise Storage 7.1 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-desktop-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-salt-minion-12.1.0-150300.23.5
  * open-vm-tools-sdmp-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-sdmp-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools-devel-12.1.0-150300.23.5
  * open-vm-tools-desktop-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro 5.1 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * open-vm-tools-debuginfo-12.1.0-150300.23.5
  * libvmtools0-debuginfo-12.1.0-150300.23.5
  * open-vm-tools-debugsource-12.1.0-150300.23.5
  * libvmtools0-12.1.0-150300.23.5
  * open-vm-tools-12.1.0-150300.23.5

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208880
* https://jira.suse.com/browse/MSC-590

From sle-updates at lists.suse.com Tue Apr 11 12:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 12:30:10 -0000
Subject: SUSE-SU-2023:1812-1: important: Security update for podman
Message-ID: <168121621015.2326.16573276137541687603@smelt2.suse.de>

# Security update for podman

Announcement ID: SUSE-SU-2023:1812-1
Rating: important
References:

* #1197093
* #1208364
* #1208510
* #1209495

Cross-References:

* CVE-2023-0778

CVSS scores:

* CVE-2023-0778 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2023-0778 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves one vulnerability and has three fixes can now be installed.

## Description:

This update for podman fixes the following issues:

Update to version 4.4.4:

* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
* podman.spec: Bump required version for libcontainers-common (bsc#1209495)

Update to version 4.4.3:

* compat: /auth: parse server address correctly
* vendor github.com/containers/common at v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix "podman logs --since --follow" flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime

Update podman to version 4.4.2:

* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
* Add `crun` requirement for quadlet
* Set PREFIX at build stage (bsc#1208510)
* CVE-2023-0778: fixed symlink exchange attack in podman export volume (bsc#1208364)

Update to version 4.4.1:

* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test

Update to version 4.4.0:

* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output "ago" when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latest containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip "Local forwarder, IPv4" test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take a long time
* events: support "die" filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containers/(common, image)
* specfile: Drop user-add dependency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified * Quadlet: add network support * Add comment for jsonMarshal command * Always allow pushing from containers-storage * libpod: move NetNS into state db instead of extra bucket * Add initial system tests for quadlets * quadlet: Add --user option * libpod: remove CNI word were no longer applicable * libpod: fix header length in http attach with logs * podman-kube@ template: use `podman kube` * build(deps): bump github.com/docker/docker * wait: add --ignore option * qudlet: Respect $PODMAN env var for podman binary * e2e: Add assert-key-is-regex check to quadlet e2e testsuite * e2e: Add some assert to quadlet test to make sure testcases are sane * remove unmapped ports from inspect port bindings * update podman-network-create for clarity * Vendor in latest containers/common with default capabilities * pkg/rootless: Change error text ... * rootless: add cli validator * rootless: define LIBEXECPODMAN * doc: fix documentation for idmapped mounts * bump golangci-lint to v1.50.1 * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 * [CI:DOCS] podman-mount: s/umount/unmount/ * create/pull --help: list pull policies * Network Create: Add --ignore flag to support idempotent script * Make qemu security model none * libpod: use OCI idmappings for mounts * stop reporting errors removing containers that don't exist * test: added test from wait endpoint with to long label * quadlet: Default VolatileTmp to off * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 * docs/options/ipc: fix list syntax * Docs: Add dedicated DOWNLOAD doc w/ links to bins * Make a consistently-named windows installer * checkpoint restore: fix --ignore-static-ip/mac * add support for subpath in play kube for named volumes * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 * golangci-lint: remove three deprecated linters * parse-localbenchmarks: separate standard deviation * build(deps): bump golang.org/x/term from 
0.2.0 to 0.3.0 * podman play kube support container startup probe * Add podman buildx version support * Cirrus: Collect benchmarks on machine instances * Cirrus: Remove escape codes from log files * [CI:DOCS] Clarify secret target behavior * Fix typo on network docs * podman-remote build add --volume support * remote: allow --http-proxy for remote clients * Cleanup kube play workloads if error happens * health check: ignore dependencies of transient systemd units/timers * fix: event read from syslog * Fixes secret (un)marshaling for kube play. * Remove 'you' from man pages * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools * [CI:DOCS] test/README.md: run tests with podman-remote * e2e: keeps the http_proxy value * Makefile: Add podman-mac-helper to darwin client zip * test/e2e: enable "podman run with ipam none driver" for nv * [skip-ci] GHA/Cirrus-cron: Fix execution order * kube sdnotify: run proxies for the lifespan of the service * Update containers common package * podman manpage: Use man-page links instead of file names * e2e: fix e2e tests in proxy environment * Fix test * disable healthchecks automatically on non systemd systems * Quadlet Kube: Add support for userns flag * [CI:DOCS] Add warning about --opts,o with mount's -o * Add podman system prune --external * Add some tests for transient store * runtime: In transient_store mode, move bolt_state.db to rundir * runtime: Handle the transient store options * libpod: Move the creation of TmpDir to an earlier time * network create: support "-o parent=XXX" for ipvlan * compat API: allow MacAddress on container config * Quadlet Kube: Add support for relative path for YAML file * notify k8s system test: move sending message into exec * runtime: do not chown idmapped volumes * quadlet: Drop ExecStartPre=rm %t/%N.cid * Quadlet Kube: Set SyslogIdentifier if was not set * Add a FreeBSD cross build to the cirrus alt build task * Add completion for --init-ctr * Fix handling of readonly 
containers when defined in kube.yaml * Build cross-compilation fixes * libpod: Track healthcheck API changes in healthcheck_unsupported.go * quadlet: Use same default capability set as podman run * quadlet: Drop --pull=never * quadlet: Change default of ReadOnly to no * quadlet: Change RunInit default to no * quadlet: Change NoNewPrivileges default to false * test: podman run with checkpoint image * Enable 'podman run' for checkpoint images * test: Add tests for checkpoint images * CI setup: simplify environment passthrough code * Init containers should not be restarted * Update c/storage after https://github.com/containers/storage/pull/1436 * Set the latest release explicitly * add friendly comment * fix an overriding logic and load config problem * Update the issue templates * Update vendor of containers/(image, buildah) * [CI:DOCS] Skip windows-smoke when not useful * [CI:DOCS] Remove broken gate-container docs * OWNERS: add Jason T. Greene * hack/podmansnoop: print arguments * Improve atomicity of VM state persistence on Windows * [CI:BUILD] copr: enable podman-restart.service on rpm installation * macos: pkg: Use -arm64 suffix instead of -aarch64 * linux: Add -linux suffix to podman-remote-static binaries * linux: Build amd64 and arm64 podman-remote-static binaries * container create: add inspect data to event * Allow manual override of install location * Run codespell on code * Add missing parameters for checkpoint/restore endpoint * Add support for startup healthchecks * Add information on metrics to the `network create` docs * Introduce podman machine os commands * Document that ignoreRootFS depends on export/import * Document ignoreVolumes in checkpoint/restore endpoint * Remove leaveRunning from swagger restore endpoint * libpod: Add checks to avoid nil pointer dereference if network setup fails * Address golangci-lint issues * Documenting Hyper-V QEMU acceleration settings * Kube Play: fix the handling of the optional field of SecretVolumeSource * Update 
Vendor of containers/(common, image, buildah) * Fix swapped NetInput/-Output stats * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template * test/tools: rebuild when files are changed * ginkgo tests: apply ginkgolinter fixes * ginkgo: restructure install work flow * Fix manpage emphasis * specgen: support CDI devices from containers.conf * vendor: update containers/common * pkg/trust: Take the default policy path from c/common/pkg/config * Add validate-in-container target * Adding encryption decryption feature * container restart: clean up healthcheck state * Add support for podman-remote manifest annotate * Quadlet: Add support for .kube files * Update vendor of containers/(buildah, common, storage, image) * specgen: honor user namespace value * [CI:DOCS] Migrate OSX Cross to M1 * quadlet: Rework uid/gid remapping * GHA: Fix cirrus re-run workflow for other repos. * ssh system test: skip until it becomes a test * shell completion: fix hard coded network drivers * libpod: Report network setup errors properly on FreeBSD * E2E Tests: change the registry for the search test to avoid authentication * pkginstaller: install podman-mac-helper by default * Fix language. Mostly spelling a -> an * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. * [CI:DOCS] Fix spelling and typos * Modify man page of "--pids-limit" option to correct a default value. 
* Update docs/source/markdown/podman-remote.1.md * Update pkg/bindings/connection.go * Add more documentation on UID/GID Mappings with --userns=keep-id * support podman-remote to connect tcpURL with proxy * Removing the RawInput from the API output * fix port issues for CONTAINER_HOST * CI: Package versions: run in the 'main' step * build(deps): bump github.com/rootless-containers/rootlesskit * pkg/domain: Make checkExecPreserveFDs platform-specific * e2e tests: fix restart race * Fix podman --noout to suppress all output * remove pod if creation has failed * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD * Fix more podman-logs flakes * healthcheck system tests: try to fix flake * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT * GHA: Configure workflows for reuse * compat,build: handle docker's preconfigured cacheTo,cacheFrom * docs: deprecate pasta network name * utils: Enable cgroup utils for FreeBSD * pkg/specgen: Disable kube play tests on FreeBSD * libpod/lock: Fix build and tests for SHM locks on FreeBSD * podman cp: fix copying with "." suffix * pkginstaller: bump Qemu to version 7.1.0 * specgen,wasm: switch to crun-wasm wherever applicable * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 * libpod: Make unit test for statToPercent Linux only * Update vendor of containers/storage * fix connection usage with containers.conf * Add --quiet and --no-info flags to podman machine start * Add hidden podman manifest inspect -v option * Add podman volume create -d short option for driver * Vendor in latest containers/(common,image,storage) * Add podman system events alias to podman events * Fix search_test to return correct version of alpine * GHA: Fix undefined secret env. var. * GHA: Fix make_email-body script reference * Add release keys to README * GHA: Fix typo setting output parameter * GHA: Fix typo. 
* New tool, docs/version-check * Formalize our compare-against-docker mechanism * Add restart-sec for container service files * test/tools: bump module to go 1.17 * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools * libpod: Add FreeBSD support in packageVersion * Allow podman manifest push --purge|-p as alias for --rm * [CI:DOCS] Add performance tutorial * [CI:DOCS] Fix build targets in build_osx.md. * fix --format {{json .}} output to match docker * remote: fix manifest add --annotation * Skip test if `--events-backend` is necessary with podman-remote * kube play: update the handling of PersistentVolumeClaim * system tests: fix a system test in proxy environment * Use single unqualified search registry on Windows * test/system: Add, use tcp_port_probe() to check for listeners rather than binds * test/system: Add tests for pasta(1) connectivity * test/system: Move network-related helpers to helpers.network.bash * test/system: Use procfs to find bound ports, with optional address and protocol * test/system: Use port_is_free() from wait_for_port() * libpod: Add pasta networking mode * More log-flake work * Fix test flakes caused by improper podman-logs * fix incorrect systemd booted check * Cirrus: Add tests for GHA scripts * GHA: Update scripts to pass shellcheck * Cirrus: Shellcheck github-action scripts * Cirrus: shellcheck support for github-action scripts * GHA: Fix cirrus-cron scripts * Makefile: don't install to tmpfiles.d on FreeBSD * Make sure we can build and read each line of docker py's api client * Docker compat build api - make sure only one line appears per flush * Run codespell on code * Update vendor of containers/(image, storage, common) * Allow namespace path network option for pods. * Cirrus: Never skip running Windows Cross task * GHA: Auto. 
re-run failed cirrus-cron builds once * GHA: Migrate inline script to file * GHA: Simplify script reference * test/e2e: do not use apk in builds * remove container/pod id file along with container/pod * Cirrus: Synchronize windows image * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect * runtime: add check for valid pod systemd cgroup * CI: set and verify DESIRED_NETWORK (netavark, cni) * [CI:DOCS] troubleshooting: document keep-id options * Man pages: refactor common options: --security-opt * Cirrus: Guarantee CNI testing w/o nv/av present * Cirrus: temp. disable all Ubuntu testing * Cirrus: Update to F37beta * buildah bud tests: better handling of remote * quadlet: Warn in generator if using short names * Add Windows Smoke Testing * Add podman kube apply command * docs: offer advice on installing test dependencies * Fix documentation on read-only-tmpfs * version bump to 4.4.0-dev * deps: bump go-criu to v6 * Makefile: Add cross build targets for freebsd * pkg/machine: Make this build on FreeBSD/arm64 * pkg/rctl: Remove unused cgo dependency * man pages: assorted underscore fixes * Upgrade GitHub actions packages from v2 to v3 * vendor github.com/godbus/dbus/v5 at 4b691ce * [CI:DOCS] fix --tmpdir typos * Do not report that /usr/share/containers/storage.conf has been edited. 
* Eval symlinks on XDG_RUNTIME_DIR * hack/podmansnoop * rootless: support keep-id with one mapping * rootless: add argument to GetConfiguredMappings * Update vendor containers/(common,storage,buildah,image) * Fix deadlock between 'podman ps' and 'container inspect' commands * Add information about where the libpod/boltdb database lives * Consolidate the dependencies for the IsTerminal() API * Ensure that StartAndAttach locks while sending signals * ginkgo testing: fix podman usernamespace join * Test runners: nuke podman from $PATH before tests * volumes: Fix idmap not working for volumes * FIXME: Temporary workaround for ubi8 CI breakage * System tests: teardown: clean up volumes * update api versions on docs.podman.io * system tests: runlabel: use podman-under-test * system tests: podman network create: use random port * sig-proxy test: bump timeout * play kube: Allow the user to import the contents of a tar file into a volume * Clarify the docs on DropCapability * quadlet tests: Disable kmsg logging while testing * quadlet: Support multiple Network= * quadlet: Add support for Network=... 
* Fix manpage for podman run --network option * quadlet: Add support for AddDevice= * quadlet: Add support for setting seccomp profile * quadlet: Allow multiple elements on each Add/DropCaps line * quadlet: Embed the correct binary name in the generated comment * quadlet: Drop the SocketActivated key * quadlet: Switch log-driver to passthrough * quadlet: Change ReadOnly to default to enabled * quadlet tests: Run the tests even for (expected) failed tests * quadlet tests: Fix handling of stderr checks * Remove unused script file * notifyproxy: fix container watcher * container/pod id file: truncate instead of throwing an error * quadlet: Use the new podman create volume --ignore * Add podman volume create --ignore * logcollector: include aardvark-dns * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * docs: generate systemd: point to kube template * docs: kube play: mention restart policy * Fixes: 15858 (podman system reset --force destroy machine) * fix search flake * use cached containers.conf * adding regex support to the ancestor ps filter function * Fix `system df` issues with `-f` and `-v` * markdown-preprocess: cross-reference where opts are used * Default qemu flags for Windows amd64 * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 * Update main to reflect v4.3.0 release * build(deps): bump github.com/docker/docker * move quadlet packages into pkg/systemd * system df: fix image-size calculations * Add man page for quadlet * testimage: add iproute2 & socat, for pasta networking * Set up minikube for k8s testing * [CI:BUILD] copr: podman rpm should depend on containers-common-extra * Podman image: Set default_sysctls to empty for rootless containers * libpod: Add support for 'podman top' on FreeBSD * libpod: Factor out jail name construction from stats_freebsd.go * pkg/util: Add pid information descriptors for FreeBSD * Initial quadlet version integrated in golang * 
bump golangci-lint to v1.49.0 * Update vendor containers/(common,image,storage) * Allow volume mount dups, iff source and dest dirs * rootless: fix return value handling * Change to correct break statements * vendor containers/psgo at v1.8.0 * Clarify that MacOSX docs are client specific * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit * Add swagger install + allow version updates in CI * Cirrus: Fix windows clone race * kill: wait for the container * generate systemd: set --stop-timeout for stopping containers * hack/tree_status.sh: print diff at the end * Fix markdown header typo * markdown-preprocess: add generic include mechanism * markdown-preprocess: almost complete OO rewrite * Update tests for changed error messages * Update c/image after https://github.com/containers/image/pull/1299 * Man pages: refactor common options (misc) * Man pages: Refactor common options: --detach-keys * vendor containers/storage at main * Man pages: refactor common options: --attach * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 * KillContainer: improve error message * docs: add missing options * Man pages: refactor common options: --annotation (manifest) * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 * system tests: health-on-failure: fix broken logic * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 * ContainerEngine.SetupRootless(): Avoid calling container.Config() * Container filters: Avoid use of ctr.Config() * Avoid unnecessary calls to Container.Spec() * Add and use Container.LinuxResource() helper * play kube: notifyproxy: listen before starting the pod * play kube: add support for configmap binaryData * Add and use libpod/Container.Terminal() helper * Revert "Add checkpoint image tests" * Revert "cmd/podman: add support for checkpoint images" * healthcheck: fix --on-failure=stop * Man pages: Add mention of behavior due to XDG_CONFIG_HOME * 
build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 * Avoid unnecessary timeout of 250msec when waiting on container shutdown * health checks: make on-failure action retry aware * libpod: Remove 100msec delay during shutdown * libpod: Add support for 'podman pod' on FreeBSD * libpod: Factor out cgroup validation from (*Runtime).NewPod * libpod: Move runtime_pod_linux.go to runtime_pod_common.go * specgen/generate: Avoid a nil dereference in MakePod * libpod: Factor out cgroups handling from (*Pod).refresh * Adds a link to OSX docs in CONTRIBUTING.md * Man pages: refactor common options: --os-version * Create full path to a directory when DirectoryOrCreate is used with play kube * Return error in podman system service if URI scheme is not unix/tcp * Man pages: refactor common options: --time * man pages: document some --format options: images * Clean up when stopping pods ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1812=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1812=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1812=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1812=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1812=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1812=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1812=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1812=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * podman-debuginfo-4.4.4-150300.9.20.1 * podman-4.4.4-150300.9.20.1 * SUSE Enterprise Storage 7.1 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux 
Enterprise Micro 5.1 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150300.9.20.1 * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * podman-debuginfo-4.4.4-150300.9.20.1 * podman-4.4.4-150300.9.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * podman-cni-config-4.4.4-150300.9.20.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0778.html * https://bugzilla.suse.com/show_bug.cgi?id=1197093 * https://bugzilla.suse.com/show_bug.cgi?id=1208364 * https://bugzilla.suse.com/show_bug.cgi?id=1208510 * https://bugzilla.suse.com/show_bug.cgi?id=1209495
From sle-updates at lists.suse.com Tue Apr 11 12:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Apr 2023 12:30:38 -0000 Subject: SUSE-SU-2023:1811-1: important: Security update for the Linux Kernel Message-ID: <168121623827.2326.2337739573694633892@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1811-1 Rating: important References: * #1207168 * #1207560 * #1208137 * #1208179 * #1208598 * #1208599 * #1208601 * #1208777 * #1208787 * #1208843 * #1209008 * #1209052 * #1209256 * #1209288 * #1209289 * #1209290 * #1209291 * #1209366 * #1209532 * #1209547 * #1209549 * #1209634 * #1209635 * #1209636 * #1209672 * #1209683 * #1209778 * #1209785 Cross-References: * CVE-2017-5753 * CVE-2021-3923 * CVE-2022-4744 * CVE-2023-0461 * CVE-2023-1075 * CVE-2023-1076 * CVE-2023-1078 * CVE-2023-1095 * CVE-2023-1281 * CVE-2023-1382 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-1582 * CVE-2023-23004 * CVE-2023-25012 * CVE-2023-28327 * CVE-2023-28328 * CVE-2023-28464 * 
CVE-2023-28466 * CVE-2023-28772 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1075 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 20 vulnerabilities and has eight fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). 
* CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). * CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). * CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). * CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). * CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). * CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). * CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). * CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). 
The following non-security bugs were fixed: * Do not sign the vanilla kernel (bsc#1209008). * PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). * Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1209785). * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). * kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). * net: ena: optimize data access in fast-path code (bsc#1208137). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1811=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-1811=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. 
* SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-1811=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1811=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1811=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1811=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1811=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1811=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1811=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1811=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1811=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1811=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1811=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1811=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1811=1 ## Package List: * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.118.1 * openSUSE Leap 15.4 (aarch64) * dtb-zte-5.3.18-150300.59.118.1 * dtb-al-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * kernel-default-livepatch-5.3.18-150300.59.118.1 * kernel-default-livepatch-devel-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * kernel-livepatch-5_3_18-150300_59_118-default-1-150300.7.3.1 * SUSE 
Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.118.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.118.1 * cluster-md-kmp-default-5.3.18-150300.59.118.1 * gfs2-kmp-default-5.3.18-150300.59.118.1 * dlm-kmp-default-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.118.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.118.1 * ocfs2-kmp-default-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-devel-5.3.18-150300.59.118.1 * kernel-64kb-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-debugsource-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.118.1 * kernel-preempt-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * reiserfs-kmp-default-5.3.18-150300.59.118.1 * kernel-preempt-debugsource-5.3.18-150300.59.118.1 * kernel-obs-build-debugsource-5.3.18-150300.59.118.1 * kernel-syms-5.3.18-150300.59.118.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.118.1 * kernel-preempt-devel-5.3.18-150300.59.118.1 * kernel-default-devel-5.3.18-150300.59.118.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * kernel-obs-build-5.3.18-150300.59.118.1 * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1 * kernel-preempt-debuginfo-5.3.18-150300.59.118.1 * 
kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.118.1 * kernel-macros-5.3.18-150300.59.118.1 * kernel-source-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-devel-5.3.18-150300.59.118.1 * kernel-64kb-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-debugsource-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.118.1 * kernel-preempt-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * reiserfs-kmp-default-5.3.18-150300.59.118.1 * kernel-preempt-debugsource-5.3.18-150300.59.118.1 * kernel-obs-build-debugsource-5.3.18-150300.59.118.1 * kernel-syms-5.3.18-150300.59.118.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.118.1 * kernel-preempt-devel-5.3.18-150300.59.118.1 * kernel-default-devel-5.3.18-150300.59.118.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * kernel-obs-build-5.3.18-150300.59.118.1 * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1 * kernel-preempt-debuginfo-5.3.18-150300.59.118.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.118.1 * kernel-macros-5.3.18-150300.59.118.1 * kernel-source-5.3.18-150300.59.118.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.118.1 * SUSE 
Linux Enterprise Real Time 15 SP3 (nosrc x86_64) * kernel-default-5.3.18-150300.59.118.1 * kernel-preempt-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * kernel-preempt-debugsource-5.3.18-150300.59.118.1 * kernel-obs-build-debugsource-5.3.18-150300.59.118.1 * kernel-syms-5.3.18-150300.59.118.1 * kernel-preempt-devel-5.3.18-150300.59.118.1 * kernel-default-devel-5.3.18-150300.59.118.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * kernel-obs-build-5.3.18-150300.59.118.1 * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1 * kernel-preempt-debuginfo-5.3.18-150300.59.118.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * kernel-devel-5.3.18-150300.59.118.1 * kernel-macros-5.3.18-150300.59.118.1 * kernel-source-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-devel-5.3.18-150300.59.118.1 * kernel-64kb-debuginfo-5.3.18-150300.59.118.1 * kernel-64kb-debugsource-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.118.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.118.1 * reiserfs-kmp-default-5.3.18-150300.59.118.1 * kernel-obs-build-debugsource-5.3.18-150300.59.118.1 * kernel-syms-5.3.18-150300.59.118.1 * kernel-default-devel-5.3.18-150300.59.118.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1 * kernel-default-debuginfo-5.3.18-150300.59.118.1 * kernel-obs-build-5.3.18-150300.59.118.1 * 
kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
  * kernel-source-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-devel-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.118.1
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64)
  * kernel-default-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * reiserfs-kmp-default-5.3.18-150300.59.118.1
  * kernel-obs-build-debugsource-5.3.18-150300.59.118.1
  * kernel-syms-5.3.18-150300.59.118.1
  * kernel-default-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-obs-build-5.3.18-150300.59.118.1
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
  * kernel-source-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-devel-5.3.18-150300.59.118.1
* SUSE Manager Proxy 4.2 (nosrc x86_64)
  * kernel-default-5.3.18-150300.59.118.1
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Manager Proxy 4.2 (x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
  * kernel-default-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
* SUSE Manager Proxy 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
* SUSE Manager Retail Branch Server 4.2 (nosrc x86_64)
  * kernel-default-5.3.18-150300.59.118.1
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
  * kernel-default-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64)
  * kernel-default-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-default-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
* SUSE Manager Server 4.2 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (nosrc s390x)
  * kernel-zfcpdump-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (s390x)
  * kernel-zfcpdump-debuginfo-5.3.18-150300.59.118.1
  * kernel-zfcpdump-debugsource-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (nosrc x86_64)
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Manager Server 4.2 (x86_64)
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
  * kernel-64kb-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (aarch64)
  * kernel-64kb-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-64kb-devel-5.3.18-150300.59.118.1
  * kernel-64kb-debuginfo-5.3.18-150300.59.118.1
  * kernel-64kb-debugsource-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
  * kernel-default-5.3.18-150300.59.118.1
  * kernel-preempt-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * reiserfs-kmp-default-5.3.18-150300.59.118.1
  * kernel-preempt-debugsource-5.3.18-150300.59.118.1
  * kernel-obs-build-debugsource-5.3.18-150300.59.118.1
  * kernel-syms-5.3.18-150300.59.118.1
  * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-5.3.18-150300.59.118.1
  * kernel-default-devel-debuginfo-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
  * kernel-obs-build-5.3.18-150300.59.118.1
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-preempt-debuginfo-5.3.18-150300.59.118.1
  * kernel-preempt-devel-debuginfo-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (noarch)
  * kernel-devel-5.3.18-150300.59.118.1
  * kernel-macros-5.3.18-150300.59.118.1
  * kernel-source-5.3.18-150300.59.118.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
  * kernel-docs-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.3.18-150300.59.118.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * kernel-default-base-5.3.18-150300.59.118.1.150300.18.68.1
  * kernel-default-debugsource-5.3.18-150300.59.118.1
  * kernel-default-debuginfo-5.3.18-150300.59.118.1

## References:

* https://www.suse.com/security/cve/CVE-2017-5753.html
* https://www.suse.com/security/cve/CVE-2021-3923.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2023-0461.html
* https://www.suse.com/security/cve/CVE-2023-1075.html
* https://www.suse.com/security/cve/CVE-2023-1076.html
* https://www.suse.com/security/cve/CVE-2023-1078.html
* https://www.suse.com/security/cve/CVE-2023-1095.html
* https://www.suse.com/security/cve/CVE-2023-1281.html
* https://www.suse.com/security/cve/CVE-2023-1382.html
* https://www.suse.com/security/cve/CVE-2023-1390.html
* https://www.suse.com/security/cve/CVE-2023-1513.html
* https://www.suse.com/security/cve/CVE-2023-1582.html
* https://www.suse.com/security/cve/CVE-2023-23004.html
* https://www.suse.com/security/cve/CVE-2023-25012.html
* https://www.suse.com/security/cve/CVE-2023-28327.html
* https://www.suse.com/security/cve/CVE-2023-28328.html
* https://www.suse.com/security/cve/CVE-2023-28464.html
* https://www.suse.com/security/cve/CVE-2023-28466.html
* https://www.suse.com/security/cve/CVE-2023-28772.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207168
* https://bugzilla.suse.com/show_bug.cgi?id=1207560
* https://bugzilla.suse.com/show_bug.cgi?id=1208137
* https://bugzilla.suse.com/show_bug.cgi?id=1208179
* https://bugzilla.suse.com/show_bug.cgi?id=1208598
* https://bugzilla.suse.com/show_bug.cgi?id=1208599
* https://bugzilla.suse.com/show_bug.cgi?id=1208601
* https://bugzilla.suse.com/show_bug.cgi?id=1208777
* https://bugzilla.suse.com/show_bug.cgi?id=1208787
* https://bugzilla.suse.com/show_bug.cgi?id=1208843
* https://bugzilla.suse.com/show_bug.cgi?id=1209008
* https://bugzilla.suse.com/show_bug.cgi?id=1209052
* https://bugzilla.suse.com/show_bug.cgi?id=1209256
* https://bugzilla.suse.com/show_bug.cgi?id=1209288
* https://bugzilla.suse.com/show_bug.cgi?id=1209289
* https://bugzilla.suse.com/show_bug.cgi?id=1209290
* https://bugzilla.suse.com/show_bug.cgi?id=1209291
* https://bugzilla.suse.com/show_bug.cgi?id=1209366
* https://bugzilla.suse.com/show_bug.cgi?id=1209532
* https://bugzilla.suse.com/show_bug.cgi?id=1209547
* https://bugzilla.suse.com/show_bug.cgi?id=1209549
* https://bugzilla.suse.com/show_bug.cgi?id=1209634
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209636
* https://bugzilla.suse.com/show_bug.cgi?id=1209672
* https://bugzilla.suse.com/show_bug.cgi?id=1209683
* https://bugzilla.suse.com/show_bug.cgi?id=1209778
* https://bugzilla.suse.com/show_bug.cgi?id=1209785
From sle-updates at lists.suse.com Tue Apr 11 12:30:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 12:30:44 -0000
Subject: SUSE-RU-2023:1810-1: moderate: Recommended update for cups
Message-ID: <168121624453.2326.9575471300516328960@smelt2.suse.de>

# Recommended update for cups

Announcement ID: SUSE-RU-2023:1810-1
Rating: moderate
References:
* #1191467
* #1191525
* #1198932
* #1200321
* #1201234
* #1203446

Affected Products:
* Basesystem Module 15-SP4
* Development Tools Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has six recommended fixes can now be installed.

## Description:

This update for cups fixes the following issues:

* Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525)
* Fix "/usr/bin/lpr: Error - The printer or class does not exist" (bsc#1203446)
* Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932)
* Add "After=network.target sssd.service" to the systemd unit (bsc#1201234, bsc#1200321)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1810=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1810=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1810=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1810=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1810=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1810=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1810=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1810=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1810=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1810=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1810=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libcupsimage2-2.2.7-150000.3.40.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.40.1
  * libcupsppdc1-2.2.7-150000.3.40.1
  * cups-client-2.2.7-150000.3.40.1
  * cups-ddk-2.2.7-150000.3.40.1
  * libcupscgi1-2.2.7-150000.3.40.1
  * cups-2.2.7-150000.3.40.1
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.40.1
  * cups-devel-2.2.7-150000.3.40.1
  * cups-client-debuginfo-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * libcupsmime1-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-ddk-debuginfo-2.2.7-150000.3.40.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.40.1
* openSUSE Leap 15.4 (x86_64)
  * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.40.1
  * libcupscgi1-32bit-2.2.7-150000.3.40.1
  * libcupsimage2-32bit-2.2.7-150000.3.40.1
  * libcups2-32bit-2.2.7-150000.3.40.1
  * libcupsmime1-32bit-2.2.7-150000.3.40.1
  * libcupsppdc1-32bit-2.2.7-150000.3.40.1
  * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.40.1
  * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.40.1
  * cups-devel-32bit-2.2.7-150000.3.40.1
  * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.40.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libcupsimage2-2.2.7-150000.3.40.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.40.1
  * libcupsppdc1-2.2.7-150000.3.40.1
  * cups-client-2.2.7-150000.3.40.1
  * libcupscgi1-2.2.7-150000.3.40.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.40.1
  * cups-2.2.7-150000.3.40.1
  * cups-debugsource-2.2.7-150000.3.40.1
  * cups-devel-2.2.7-150000.3.40.1
  * cups-client-debuginfo-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * libcupsmime1-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.40.1
* Basesystem Module 15-SP4 (x86_64)
  * libcups2-32bit-2.2.7-150000.3.40.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.40.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-ddk-debuginfo-2.2.7-150000.3.40.1
  * cups-ddk-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * cups-devel-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
  * libcups2-32bit-debuginfo-2.2.7-150000.3.40.1
  * libcupsimage2-debuginfo-2.2.7-150000.3.40.1
  * libcupscgi1-2.2.7-150000.3.40.1
  * libcupsmime1-debuginfo-2.2.7-150000.3.40.1
  * cups-client-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcupsppdc1-debuginfo-2.2.7-150000.3.40.1
  * libcupsimage2-2.2.7-150000.3.40.1
  * libcupsppdc1-2.2.7-150000.3.40.1
  * cups-client-2.2.7-150000.3.40.1
  * cups-2.2.7-150000.3.40.1
  * libcups2-32bit-2.2.7-150000.3.40.1
  * libcupscgi1-debuginfo-2.2.7-150000.3.40.1
  * cups-ddk-2.2.7-150000.3.40.1
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcupsmime1-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-ddk-debuginfo-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * cups-debugsource-2.2.7-150000.3.40.1
  * libcups2-debuginfo-2.2.7-150000.3.40.1
  * cups-debuginfo-2.2.7-150000.3.40.1
  * cups-config-2.2.7-150000.3.40.1
  * libcups2-2.2.7-150000.3.40.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1191467
* https://bugzilla.suse.com/show_bug.cgi?id=1191525
* https://bugzilla.suse.com/show_bug.cgi?id=1198932
* https://bugzilla.suse.com/show_bug.cgi?id=1200321
* https://bugzilla.suse.com/show_bug.cgi?id=1201234
* https://bugzilla.suse.com/show_bug.cgi?id=1203446

From sle-updates at lists.suse.com Tue Apr 11 12:30:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 12:30:47 -0000
Subject: SUSE-RU-2023:1809-1: moderate: Recommended update for haveged
Message-ID: <168121624727.2326.8682442051445559254@smelt2.suse.de>

# Recommended update for haveged

Announcement ID: SUSE-RU-2023:1809-1
Rating: moderate
References:
* #1203079

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for haveged fixes the following issues:

* Synchronize haveged instances during switching root (bsc#1203079)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1809=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1809=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1809=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1809=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1809=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1809=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1809=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-devel-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * haveged-1.9.14-150400.3.3.1
  * libhavege2-debuginfo-1.9.14-150400.3.3.1
  * libhavege2-1.9.14-150400.3.3.1
  * haveged-devel-1.9.14-150400.3.3.1
  * haveged-debuginfo-1.9.14-150400.3.3.1
  * haveged-debugsource-1.9.14-150400.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203079

From sle-updates at lists.suse.com Tue Apr 11 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 16:30:02 -0000
Subject: SUSE-SU-2023:1819-1: important: Security update for MozillaFirefox
Message-ID: <168123060234.25793.8867430033052967372@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:1819-1
Rating: important
References:
* #1210212

Cross-References:
* CVE-2023-1945
* CVE-2023-29531
* CVE-2023-29532
* CVE-2023-29533
* CVE-2023-29535
* CVE-2023-29536
* CVE-2023-29539
* CVE-2023-29541
* CVE-2023-29542
* CVE-2023-29545
* CVE-2023-29548
* CVE-2023-29550

CVSS scores:

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
* CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
* CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
* CVE-2023-29533: Fullscreen notification obscured
* MFSA-TMP-2023-0001: Double-free in libwebp
* CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
* CVE-2023-29536: Invalid free from JavaScript code
* CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
* CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
* CVE-2023-29542: Bypass of file download extension restrictions
* CVE-2023-29545: Windows Save As dialog resolved environment variables
* CVE-2023-1945: Memory Corruption in Safe Browsing Code
* CVE-2023-29548: Incorrect optimization result on ARM64
* CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1819=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1819=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1819=1
* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1819=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1819=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1819=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1819=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1819=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1819=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1819=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * MozillaFirefox-debuginfo-102.10.0-112.156.1
  * MozillaFirefox-debugsource-102.10.0-112.156.1
  * MozillaFirefox-translations-common-102.10.0-112.156.1
  * MozillaFirefox-devel-102.10.0-112.156.1
  * MozillaFirefox-102.10.0-112.156.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1945.html
* https://www.suse.com/security/cve/CVE-2023-29531.html
* https://www.suse.com/security/cve/CVE-2023-29532.html
* https://www.suse.com/security/cve/CVE-2023-29533.html
* https://www.suse.com/security/cve/CVE-2023-29535.html
* https://www.suse.com/security/cve/CVE-2023-29536.html
* https://www.suse.com/security/cve/CVE-2023-29539.html
* https://www.suse.com/security/cve/CVE-2023-29541.html
* https://www.suse.com/security/cve/CVE-2023-29542.html
* https://www.suse.com/security/cve/CVE-2023-29545.html
* https://www.suse.com/security/cve/CVE-2023-29548.html
* https://www.suse.com/security/cve/CVE-2023-29550.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210212

From sle-updates at lists.suse.com Tue Apr 11 16:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Apr 2023 16:30:04 -0000
Subject: SUSE-SU-2023:1817-1: important: Security update for MozillaFirefox
Message-ID: <168123060480.25793.6373233954415662066@smelt2.suse.de>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2023:1817-1
Rating: important
References:
* #1210212

Cross-References:
* CVE-2023-1945
* CVE-2023-29531
* CVE-2023-29532
* CVE-2023-29533
* CVE-2023-29535
* CVE-2023-29536
* CVE-2023-29539
* CVE-2023-29541
* CVE-2023-29542
* CVE-2023-29545
* CVE-2023-29548
* CVE-2023-29550

CVSS scores:

Affected Products:
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
* CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
* CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
* CVE-2023-29533: Fullscreen notification obscured
* MFSA-TMP-2023-0001: Double-free in libwebp
* CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
* CVE-2023-29536: Invalid free from JavaScript code
* CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
* CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
* CVE-2023-29542: Bypass of file download extension restrictions
* CVE-2023-29545: Windows Save As dialog resolved environment variables
* CVE-2023-1945: Memory Corruption in Safe Browsing Code
* CVE-2023-29548: Incorrect optimization result on ARM64
* CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1817=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1817=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1817=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * MozillaFirefox-translations-common-102.10.0-150000.150.82.1
    * MozillaFirefox-translations-other-102.10.0-150000.150.82.1
    * MozillaFirefox-debuginfo-102.10.0-150000.150.82.1
    * MozillaFirefox-devel-102.10.0-150000.150.82.1
    * MozillaFirefox-debugsource-102.10.0-150000.150.82.1
    * MozillaFirefox-102.10.0-150000.150.82.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * MozillaFirefox-translations-common-102.10.0-150000.150.82.1
    * MozillaFirefox-translations-other-102.10.0-150000.150.82.1
    * MozillaFirefox-debuginfo-102.10.0-150000.150.82.1
    * MozillaFirefox-devel-102.10.0-150000.150.82.1
    * MozillaFirefox-debugsource-102.10.0-150000.150.82.1
    * MozillaFirefox-102.10.0-150000.150.82.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * MozillaFirefox-translations-common-102.10.0-150000.150.82.1
    * MozillaFirefox-translations-other-102.10.0-150000.150.82.1
    * MozillaFirefox-debuginfo-102.10.0-150000.150.82.1
    * MozillaFirefox-devel-102.10.0-150000.150.82.1
    * MozillaFirefox-debugsource-102.10.0-150000.150.82.1
    * MozillaFirefox-102.10.0-150000.150.82.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * MozillaFirefox-translations-common-102.10.0-150000.150.82.1
    * MozillaFirefox-translations-other-102.10.0-150000.150.82.1
    * MozillaFirefox-debuginfo-102.10.0-150000.150.82.1
    * MozillaFirefox-devel-102.10.0-150000.150.82.1
    * MozillaFirefox-debugsource-102.10.0-150000.150.82.1
    * MozillaFirefox-102.10.0-150000.150.82.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-1945.html
  * https://www.suse.com/security/cve/CVE-2023-29531.html
  * https://www.suse.com/security/cve/CVE-2023-29532.html
  * https://www.suse.com/security/cve/CVE-2023-29533.html
  * https://www.suse.com/security/cve/CVE-2023-29535.html
  * https://www.suse.com/security/cve/CVE-2023-29536.html
  * https://www.suse.com/security/cve/CVE-2023-29539.html
  * https://www.suse.com/security/cve/CVE-2023-29541.html
  * https://www.suse.com/security/cve/CVE-2023-29542.html
  * https://www.suse.com/security/cve/CVE-2023-29545.html
  * https://www.suse.com/security/cve/CVE-2023-29548.html
  * https://www.suse.com/security/cve/CVE-2023-29550.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1210212

From sle-updates at lists.suse.com Wed Apr 12 07:03:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:03:59 +0200 (CEST)
Subject: SUSE-CU-2023:1063-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20230412070359.215DAF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1063-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.108 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.108
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1808-1
Released: Tue Apr 11 11:33:51 2023
Summary: Recommended update for gdb
Type: recommended
Severity: moderate
References:

gdb was updated to version 12.1:

* DBX mode is deprecated, and will be removed in GDB 13.

* GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support.

* Improved C++ template support:

  GDB now treats functions/types involving C++ templates like it does function overloads.
  Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types:

      (gdb) break template_func(template_1, int)

  The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements.

* New commands:

  - maint set backtrace-on-fatal-signal on|off
  - maint show backtrace-on-fatal-signal

    This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available.

  - set source open on|off
  - show source open

    This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection.

  - set varsize-limit
  - show varsize-limit

    These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'.

  - task apply [all | TASK-IDS...] [FLAG]... COMMAND

    Like 'thread apply', but applies COMMAND to Ada tasks.

  - watch [...] task ID

    Watchpoints can now be restricted to a specific Ada task.

  - maint set internal-error backtrace on|off
  - maint show internal-error backtrace
  - maint set internal-warning backtrace on|off
  - maint show internal-warning backtrace

    GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning.

  - set logging on|off

    Deprecated and replaced by 'set logging enabled on|off'.

  - set logging enabled on|off
  - show logging enabled

    These commands set or show whether logging is enabled or disabled.

  - exit

    You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command.

  - set debug threads on|off
  - show debug threads

    Print additional debug messages about thread creation and deletion.

  - set debug linux-nat on|off
  - show debug linux-nat

    These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors.

  - maint flush source-cache

    Flush the contents of the source code cache.

  - maint set gnu-source-highlight enabled on|off
  - maint show gnu-source-highlight enabled

    Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead.

  - set suppress-cli-notifications (on|off)
  - show suppress-cli-notifications

    This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.).

  - set style disassembler enabled on|off
  - show style disassembler enabled

    If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied.

  - set ada source-charset
  - show ada source-charset

    Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1.

* Changed commands:

  - print

    Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base.
    This was GDB's documented behavior, but was never implemented correctly.

  - maint packet

    This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character.

  - clone-inferior

    The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior.

  - set debug lin-lwp on|off
  - show debug lin-lwp

    These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead.

  - info win

    This command now includes information about the width of the tui windows in its output.

* GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point.

* MI changes:

  ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10.

  ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection.

* Python API:

  ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned.

  ** New function gdb.history_count(), which returns the number of values in GDB's value history.

  ** New gdb.events.gdb_exiting event.
     This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state.

  ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string.

  ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness.

  ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections.

  ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection.

  ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed.

  ** New gdb.connections() function that returns a list of all currently active connections.

  ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target.

  ** New function gdb.host_charset(), returns a string, which is the name of the current host charset.

  ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE.

  ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited.

  ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling.
     The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string.

  ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information.

  ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types.

  ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError.

  ** It is now possible to add GDB/MI commands implemented in Python.

Update libipt to v2.0.5.

The following package changes have been done:

- libsource-highlight4-3.1.8-150000.3.4.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:04:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:04:20 +0200 (CEST)
Subject: SUSE-CU-2023:1065-1: Recommended update of suse/sle-micro/5.4/toolbox
Message-ID: <20230412070420.54165F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1065-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.5 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.5
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1808-1
Released: Tue Apr 11 11:33:51 2023
Summary: Recommended update for gdb
Type: recommended
Severity: moderate
References:

gdb was updated to version 12.1:

* DBX mode is deprecated, and will be removed in GDB 13.

* GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support.

* Improved C++ template support:

  GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types:

      (gdb) break template_func(template_1, int)

  The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements.

* New commands:

  - maint set backtrace-on-fatal-signal on|off
  - maint show backtrace-on-fatal-signal

    This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available.

  - set source open on|off
  - show source open

    This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection.

  - set varsize-limit
  - show varsize-limit

    These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'.

  - task apply [all | TASK-IDS...] [FLAG]... COMMAND

    Like 'thread apply', but applies COMMAND to Ada tasks.

  - watch [...] task ID

    Watchpoints can now be restricted to a specific Ada task.

  - maint set internal-error backtrace on|off
  - maint show internal-error backtrace
  - maint set internal-warning backtrace on|off
  - maint show internal-warning backtrace

    GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning.

  - set logging on|off

    Deprecated and replaced by 'set logging enabled on|off'.

  - set logging enabled on|off
  - show logging enabled

    These commands set or show whether logging is enabled or disabled.

  - exit

    You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command.

  - set debug threads on|off
  - show debug threads

    Print additional debug messages about thread creation and deletion.

  - set debug linux-nat on|off
  - show debug linux-nat

    These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors.

  - maint flush source-cache

    Flush the contents of the source code cache.

  - maint set gnu-source-highlight enabled on|off
  - maint show gnu-source-highlight enabled

    Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead.

  - set suppress-cli-notifications (on|off)
  - show suppress-cli-notifications

    This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.).

  - set style disassembler enabled on|off
  - show style disassembler enabled

    If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied.

  - set ada source-charset
  - show ada source-charset

    Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1.

* Changed commands:

  - print

    Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly.

  - maint packet

    This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character.

  - clone-inferior

    The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior.

  - set debug lin-lwp on|off
  - show debug lin-lwp

    These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead.

  - info win

    This command now includes information about the width of the tui windows in its output.

* GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point.

* MI changes:

  ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10.

  ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection.

* Python API:

  ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned.

  ** New function gdb.history_count(), which returns the number of values in GDB's value history.

  ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state.

  ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string.

  ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness.

  ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections.

  ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection.

  ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed.

  ** New gdb.connections() function that returns a list of all currently active connections.

  ** New gdb.RemoteTargetConnection.send_packet(PACKET) method.
     This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target.

  ** New function gdb.host_charset(), returns a string, which is the name of the current host charset.

  ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE.

  ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited.

  ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string.

  ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information.

  ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types.

  ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError.

  ** It is now possible to add GDB/MI commands implemented in Python.

Update libipt to v2.0.5.

The following package changes have been done:

- libsource-highlight4-3.1.8-150000.3.4.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:06:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:06:32 +0200 (CEST)
Subject: SUSE-CU-2023:1066-1: Recommended update of suse/sle15
Message-ID: <20230412070632.5EF80F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1066-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.122 , suse/sle15:15.3 , suse/sle15:15.3.17.20.122
Container Release : 17.20.122
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:07:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:07:16 +0200 (CEST)
Subject: SUSE-CU-2023:1067-1: Recommended update of suse/389-ds
Message-ID: <20230412070716.71F81F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1067-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-20.30 , suse/389-ds:latest
Container Release : 20.30
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Wed Apr 12 07:08:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:08:04 +0200 (CEST)
Subject: SUSE-CU-2023:1068-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230412070804.8969BF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1068-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-30.18 , bci/dotnet-aspnet:6.0.15 , bci/dotnet-aspnet:6.0.15-30.18
Container Release : 30.18
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Wed Apr 12 07:08:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:08:12 +0200 (CEST)
Subject: SUSE-CU-2023:1069-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20230412070812.A3056F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1069-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-10.18 , bci/dotnet-aspnet:7.0.4 , bci/dotnet-aspnet:7.0.4-10.18 , bci/dotnet-aspnet:latest
Container Release : 10.18
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Wed Apr 12 07:09:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:09:08 +0200 (CEST)
Subject: SUSE-CU-2023:1070-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230412070908.4593DF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1070-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-32.20 , bci/dotnet-sdk:6.0.15 , bci/dotnet-sdk:6.0.15-32.20
Container Release : 32.20
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:09:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:09:18 +0200 (CEST)
Subject: SUSE-CU-2023:1071-1: Recommended update of bci/dotnet-sdk
Message-ID: <20230412070918.305A3F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1071-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-10.20 , bci/dotnet-sdk:7.0.4 , bci/dotnet-sdk:7.0.4-10.20 , bci/dotnet-sdk:latest
Container Release : 10.20
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:10:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:10:05 +0200 (CEST)
Subject: SUSE-CU-2023:1072-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230412071005.6B992F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1072-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-29.19 , bci/dotnet-runtime:6.0.15 , bci/dotnet-runtime:6.0.15-29.19
Container Release : 29.19
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:10:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:10:13 +0200 (CEST)
Subject: SUSE-CU-2023:1073-1: Recommended update of bci/dotnet-runtime
Message-ID: <20230412071013.03046F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1073-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.19 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.19 , bci/dotnet-runtime:latest
Container Release : 10.19
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:10:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:10:44 +0200 (CEST)
Subject: SUSE-CU-2023:1074-1: Recommended update of bci/golang
Message-ID: <20230412071044.7C59DF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1074-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-22.24
Container Release : 22.24
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Wed Apr 12 07:10:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:10:49 +0200 (CEST)
Subject: SUSE-CU-2023:1075-1: Recommended update of bci/golang
Message-ID: <20230412071049.ACBE1F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1075-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.23 , bci/golang:latest
Container Release : 2.23
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:11:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:11:33 +0200 (CEST)
Subject: SUSE-CU-2023:1076-1: Recommended update of bci/bci-init
Message-ID: <20230412071133.853F3F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1076-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.28 , bci/bci-init:latest
Container Release : 26.28
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Wed Apr 12 07:12:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:12:18 +0200 (CEST)
Subject: SUSE-CU-2023:1077-1: Recommended update of bci/nodejs
Message-ID: <20230412071218.5C9E8F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1077-1
Container Tags : bci/node:14 , bci/node:14-37.26 , bci/nodejs:14 , bci/nodejs:14-37.26
Container Release : 37.26
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:12:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:12:55 +0200 (CEST)
Subject: SUSE-CU-2023:1078-1: Recommended update of bci/nodejs
Message-ID: <20230412071255.3BD24F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1078-1
Container Tags : bci/node:16 , bci/node:16-15.25 , bci/nodejs:16 , bci/nodejs:16-15.25
Container Release : 15.25
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:13:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:13:05 +0200 (CEST)
Subject: SUSE-CU-2023:1079-1: Recommended update of bci/nodejs
Message-ID: <20230412071305.C26B6F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1079-1
Container Tags : bci/node:18 , bci/node:18-3.24 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.24 , bci/nodejs:latest
Container Release : 3.24
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:14:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:14:01 +0200 (CEST)
Subject: SUSE-CU-2023:1080-1: Recommended update of bci/openjdk-devel
Message-ID: <20230412071401.5AB5FF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1080-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.48
Container Release : 39.48
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:bci-openjdk-11-15.4.11-35.24 updated

From sle-updates at lists.suse.com Wed Apr 12 07:14:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:14:48 +0200 (CEST)
Subject: SUSE-CU-2023:1081-1: Recommended update of bci/openjdk
Message-ID: <20230412071448.DD50FF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1081-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-35.24
Container Release : 35.24
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:15:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:15:17 +0200 (CEST)
Subject: SUSE-CU-2023:1082-1: Recommended update of bci/openjdk-devel
Message-ID: <20230412071517.1C563F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1082-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.49 , bci/openjdk-devel:latest
Container Release : 14.49
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated
- container:bci-openjdk-17-15.4.17-13.25 updated

From sle-updates at lists.suse.com Wed Apr 12 07:15:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:15:37 +0200 (CEST)
Subject: SUSE-CU-2023:1083-1: Recommended update of bci/openjdk
Message-ID: <20230412071537.33891F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1083-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-13.25 , bci/openjdk:latest
Container Release : 13.25
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:15:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:15:42 +0200 (CEST)
Subject: SUSE-CU-2023:1084-1: Recommended update of bci/php-apache
Message-ID: <20230412071542.2EDBBF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1084-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-2.23
Container Release : 2.23
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/php-apache was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:26:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:26:51 +0200 (CEST)
Subject: SUSE-CU-2023:1084-1: Recommended update of bci/php-apache
Message-ID: <20230412072651.97EB8F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1084-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-2.23
Container Release : 2.23
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/php-apache was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:26:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:26:55 +0200 (CEST)
Subject: SUSE-CU-2023:1085-1: Recommended update of bci/php-fpm
Message-ID: <20230412072655.3B804F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1085-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.22
Container Release : 2.22
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/php-fpm was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:26:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:26:59 +0200 (CEST)
Subject: SUSE-CU-2023:1086-1: Recommended update of bci/php
Message-ID: <20230412072659.5800AF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1086-1
Container Tags : bci/php:8 , bci/php:8-2.22
Container Release : 2.22
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/php was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:27:37 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:27:37 +0200 (CEST)
Subject: SUSE-CU-2023:1087-1: Recommended update of bci/python
Message-ID: <20230412072737.C875DF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1087-1
Container Tags : bci/python:3 , bci/python:3-12.22 , bci/python:3.10 , bci/python:3.10-12.22 , bci/python:latest
Container Release : 12.22
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:28:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:28:19 +0200 (CEST)
Subject: SUSE-CU-2023:1088-1: Recommended update of bci/python
Message-ID: <20230412072819.97B76F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1088-1
Container Tags : bci/python:3 , bci/python:3-35.23 , bci/python:3.6 , bci/python:3.6-35.23
Container Release : 35.23
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:28:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:28:59 +0200 (CEST)
Subject: SUSE-CU-2023:1089-1: Recommended update of bci/ruby
Message-ID: <20230412072859.C3142F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1089-1
Container Tags : bci/ruby:2 , bci/ruby:2-34.22 , bci/ruby:2.5 , bci/ruby:2.5-34.22 , bci/ruby:latest
Container Release : 34.22
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/ruby was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:29:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:29:13 +0200 (CEST)
Subject: SUSE-CU-2023:1090-1: Recommended update of bci/rust
Message-ID: <20230412072913.387A3F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1090-1
Container Tags : bci/rust:1.66 , bci/rust:1.66-4.22
Container Release : 4.22
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:29:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:29:20 +0200 (CEST)
Subject: SUSE-CU-2023:1091-1: Recommended update of bci/rust
Message-ID: <20230412072920.C1861F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1091-1
Container Tags : bci/rust:1.67 , bci/rust:1.67-3.21 , bci/rust:latest
Container Release : 3.21
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:29:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:29:54 +0200 (CEST)
Subject: SUSE-CU-2023:1092-1: Recommended update of suse/sle15
Message-ID: <20230412072954.B6FC2F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1092-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.50 , suse/sle15:15.4 , suse/sle15:15.4.27.14.50
Container Release : 27.14.50
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:30:13 +0200 (CEST)
Subject: SUSE-CU-2023:1093-1: Recommended update of bci/bci-init
Message-ID: <20230412073013.8D40EF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1093-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.65
Container Release : 4.65
Severity : important
Type : recommended
References :
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
The following package changes have been done:

- timezone-2023c-150000.75.23.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:30:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:30:43 +0200 (CEST)
Subject: SUSE-CU-2023:1095-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20230412073043.69F7EF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1095-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.372 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.372
Severity : important
Type : security
References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 1199140 1206543 CVE-2020-21913 CVE-2022-4515
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released: Tue Mar 23 14:07:06 2021
Summary: Recommended update for libreoffice
Type: recommended
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790

This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)

libreoffice:

- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
  - SUSE Mint
  - SUSE Midnight Blue
  - SUSE Waterhole Blue
  - SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion:

Update to 0.16.1:

- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw:

Update to 0.3.17:

- add a parser for Jazz(Lotus) writer and spreadsheet files.
  The writer parser can only be called if the file still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document

libnumbertext:

Update to 1.0.6

liborcus:

Update to 0.16.1

- Add upstream changes to fix build with GCC 11 (bsc#1181872)

libstaroffice:

Update to 0.0.7:

- fix `text:sender-lastname` when creating meta-data

libwps:

Update to 0.4.11:

- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.

glfw:

New package provided on version 3.3.2:

- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
  * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
  * glfwFocusWindow could terminate on older WMs or without a WM
  * Creating an undecorated window could fail with BadMatch
  * Querying a disconnected monitor could segfault
  * Video modes with a duplicate screen area were discarded
  * The CMake files did not check for the XInput headers
  * Key names were not updated when the keyboard layout changed
  * Decorations could not be enabled after window creation
  * Content scale fallback value could be inconsistent
  * Disabled cursor mode was interrupted by indicator windows
  * Monitor physical dimensions could be reported as zero mm
  * Window position events were not emitted during resizing
  * Added on-demand loading of Vulkan and context creation API libraries
  * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to
    `GLFW_DONT_CARE`
  * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs
  * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area
  * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
  * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
  * [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.

Box2D:

New package provided on version 2.4.1:

  * Extended distance joint to have a minimum and maximum limit.
  * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices.
  * Default user data is now uintptr_t instead of void*
  * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture.
  * Collision
  * Chain and edge shape must now be one-sided to eliminate ghost collisions
  * Broad-phase optimizations
  * Added b2ShapeCast for linear shape casting
  * Dynamics
  * Joint limits are now predictive and not stateful
  * Experimental 2D cloth (rope)
  * b2Body::SetActive -> b2Body::SetEnabled
  * Better support for running multiple worlds
  * Handle zero density better
  * The body behaves like a static body
  * The body is drawn with a red color
  * Added translation limit to wheel joint
  * World dump now writes to box2d_dump.inl
  * Static bodies are never awake
  * All joints with spring-dampers now use stiffness and damping
  * Added utility functions to convert frequency and damping ratio to stiffness and damping
  * Polygon creation now computes the convex hull.
  * The convex hull code will merge vertices closer than dm_linearSlop.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913

This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4336-1
Released: Tue Dec 6 16:27:50 2022
Summary: Recommended update for gdb
Type: recommended
Severity: moderate
References:

gdb was updated to version 12.1:

* DBX mode is deprecated, and will be removed in GDB 13.
* GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support.
* Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types:

    (gdb) break template_func(template_1, int)

  The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements.
* New commands:
  - maint set backtrace-on-fatal-signal on|off
  - maint show backtrace-on-fatal-signal
    This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available.
  - set source open on|off
  - show source open
    This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection.
  - set varsize-limit
  - show varsize-limit
    These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'.
  - task apply [all | TASK-IDS...] [FLAG]... COMMAND
    Like 'thread apply', but applies COMMAND to Ada tasks.
  - watch [...] task ID
    Watchpoints can now be restricted to a specific Ada task.
  - maint set internal-error backtrace on|off
  - maint show internal-error backtrace
  - maint set internal-warning backtrace on|off
  - maint show internal-warning backtrace
    GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning.
  - set logging on|off
    Deprecated and replaced by 'set logging enabled on|off'.
  - set logging enabled on|off
  - show logging enabled
    These commands set or show whether logging is enabled or disabled.
  - exit
    You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command.
  - set debug threads on|off
  - show debug threads
    Print additional debug messages about thread creation and deletion.
  - set debug linux-nat on|off
  - show debug linux-nat
    These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors.
  - maint flush source-cache
    Flush the contents of the source code cache.
  - maint set gnu-source-highlight enabled on|off
  - maint show gnu-source-highlight enabled
    Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead.
  - set suppress-cli-notifications (on|off)
  - show suppress-cli-notifications
    This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.).
  - set style disassembler enabled on|off
  - show style disassembler enabled
    If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied.
  - set ada source-charset
  - show ada source-charset
    Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1.
* Changed commands:
  - print
    Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly.
  - maint packet
    This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character.
  - clone-inferior
    The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior.
  - set debug lin-lwp on|off
  - show debug lin-lwp
    These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead.
  - info win
    This command now includes information about the width of the tui windows in its output.
* GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point.
* MI changes:
  ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10.
  ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection.
* Python API:
  ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned.
  ** New function gdb.history_count(), which returns the number of values in GDB's value history.
  ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state.
  ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string.
  ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness.
  ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections.
  ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection.
  ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed.
  ** New gdb.connections() function that returns a list of all currently active connections.
  ** New gdb.RemoteTargetConnection.send_packet(PACKET) method.
     This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target.
  ** New function gdb.host_charset(), returns a string, which is the name of the current host charset.
  ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE.
  ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited.
  ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string.
  ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information.
  ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types.
  ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError.
  ** It is now possible to add GDB/MI commands implemented in Python.

Update libipt to v2.0.5.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:225-1
Released: Wed Feb 1 09:37:51 2023
Summary: Security update for ctags
Type: security
Severity: important
References: 1206543,CVE-2022-4515

This update for ctags fixes the following issues:

- CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1808-1
Released: Tue Apr 11 11:33:51 2023
Summary: Recommended update for gdb
Type: recommended
Severity: moderate
References:

gdb was updated to version 12.1:

* DBX mode is deprecated, and will be removed in GDB 13.
* GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support.
* Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads.
  Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types:

    (gdb) break template_func(template_1, int)

  The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements.
* New commands:
  - maint set backtrace-on-fatal-signal on|off
  - maint show backtrace-on-fatal-signal
    This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available.
  - set source open on|off
  - show source open
    This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection.
  - set varsize-limit
  - show varsize-limit
    These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'.
  - task apply [all | TASK-IDS...] [FLAG]... COMMAND
    Like 'thread apply', but applies COMMAND to Ada tasks.
  - watch [...] task ID
    Watchpoints can now be restricted to a specific Ada task.
  - maint set internal-error backtrace on|off
  - maint show internal-error backtrace
  - maint set internal-warning backtrace on|off
  - maint show internal-warning backtrace
    GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning.
  - set logging on|off
    Deprecated and replaced by 'set logging enabled on|off'.
  - set logging enabled on|off
  - show logging enabled
    These commands set or show whether logging is enabled or disabled.
  - exit
    You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command.
  - set debug threads on|off
  - show debug threads
    Print additional debug messages about thread creation and deletion.
  - set debug linux-nat on|off
  - show debug linux-nat
    These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors.
  - maint flush source-cache
    Flush the contents of the source code cache.
  - maint set gnu-source-highlight enabled on|off
  - maint show gnu-source-highlight enabled
    Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead.
  - set suppress-cli-notifications (on|off)
  - show suppress-cli-notifications
    This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.).
  - set style disassembler enabled on|off
  - show style disassembler enabled
    If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied.
  - set ada source-charset
  - show ada source-charset
    Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1.
* Changed commands:
  - print
    Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base.
    This was GDB's documented behavior, but was never implemented correctly.
  - maint packet
    This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character.
  - clone-inferior
    The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior.
  - set debug lin-lwp on|off
  - show debug lin-lwp
    These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead.
  - info win
    This command now includes information about the width of the tui windows in its output.
* GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point.
* MI changes:
  ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10.
  ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection.
* Python API:
  ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned.
  ** New function gdb.history_count(), which returns the number of values in GDB's value history.
  ** New gdb.events.gdb_exiting event.
     This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state.
  ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string.
  ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness.
  ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections.
  ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection.
  ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed.
  ** New gdb.connections() function that returns a list of all currently active connections.
  ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target.
  ** New function gdb.host_charset(), returns a string, which is the name of the current host charset.
  ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE.
  ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited.
  ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling.
     The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string.
  ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information.
  ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types.
  ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError.
  ** It is now possible to add GDB/MI commands implemented in Python.

Update libipt to v2.0.5.

The following package changes have been done:

- ctags-5.8-150000.3.3.1 added
- gdb-12.1-150100.8.33.2 updated
- libboost_regex1_66_0-1.66.0-12.3.1 added
- libicu-suse65_1-65.1-150200.4.5.1 added
- libicu65_1-ledata-65.1-150200.4.5.1 added
- libsource-highlight4-3.1.8-150000.3.4.1 added
- libstdc++6-12.2.1+git416-150000.1.7.1 updated

From sle-updates at lists.suse.com Wed Apr 12 07:32:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 12 Apr 2023 09:32:11 +0200 (CEST)
Subject: SUSE-CU-2023:1097-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20230412073211.5319FF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1097-1
Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.194 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.194
Severity : important
Type : security
References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807
1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 1199140 1206543 CVE-2020-21913 CVE-2022-4515 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. 
(bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. 
- implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreadsheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. 
glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. 
* Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. 
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4336-1 Released: Tue Dec 6 16:27:50 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. 
- set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'. - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like 'thread apply', but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by 'set logging enabled on|off'. - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. 
When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. 
- info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. 
** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. 
Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1808-1 Released: Tue Apr 11 11:33:51 2023 Summary: Recommended update for gdb Type: recommended Severity: moderate References: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. 
* GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This is only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. - set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'. - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like 'thread apply', but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. 
This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by 'set logging enabled on|off'. - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. 
Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaced with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. - info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. 
* Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. 
** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. 
The following package changes have been done: - ctags-5.8-150000.3.3.1 added - gdb-12.1-150100.8.33.2 updated - libboost_regex1_66_0-1.66.0-12.3.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - libicu65_1-ledata-65.1-150200.4.5.1 added - libsource-highlight4-3.1.8-150000.3.4.1 added - libstdc++6-12.2.1+git416-150000.1.7.1 updated From sle-updates at lists.suse.com Fri Apr 14 07:05:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:05:20 +0200 (CEST) Subject: SUSE-CU-2023:1100-1: Security update of bci/openjdk-devel Message-ID: <20230414070520.C748BF36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1100-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.49 Container Release : 39.49 Severity : important Type : security References : 1179926 1197027 1206562 1206973 1207063 1207308 1207352 1207490 1207799 1207829 1207830 1207838 1207883 1208288 1208321 1208325 1208586 1208687 1208719 1208772 1208908 1209369 1209386 1209434 1209703 CVE-2020-8908 CVE-2022-0860 CVE-2023-22644 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1831-1 Released: Thu Apr 13 11:05:58 2023 Summary: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1179926,1197027,1206562,1206973,1207063,1207308,1207352,1207490,1207799,1207829,1207830,1207838,1207883,1208288,1208321,1208325,1208586,1208687,1208719,1208772,1208908,1209369,1209386,1209434,1209703,CVE-2020-8908,CVE-2022-0860,CVE-2023-22644 Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - jsr-305-3.0.2-150200.3.7.5 updated From sle-updates at lists.suse.com Fri Apr 14 07:05:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:05:53 +0200 (CEST) Subject: SUSE-CU-2023:1101-1: Security update of bci/openjdk-devel Message-ID: <20230414070553.B25B5F36E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1101-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.50 , bci/openjdk-devel:latest Container Release : 14.50 Severity : important Type : security References : 1179926 1197027 1206562 1206973 1207063 1207308 1207352 1207490 1207799 1207829 1207830 1207838 1207883 1208288 1208321 1208325 1208586 1208687 1208719 1208772 1208908 1209369 1209386 1209434 1209703 CVE-2020-8908 CVE-2022-0860 CVE-2023-22644 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1831-1 Released: Thu Apr 13 11:05:58 2023 Summary: Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server Type: security Severity: important References: 1179926,1197027,1206562,1206973,1207063,1207308,1207352,1207490,1207799,1207829,1207830,1207838,1207883,1208288,1208321,1208325,1208586,1208687,1208719,1208772,1208908,1209369,1209386,1209434,1209703,CVE-2020-8908,CVE-2022-0860,CVE-2023-22644 Maintenance update for SUSE Manager 4.2: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - jsr-305-3.0.2-150200.3.7.5 updated From sle-updates at lists.suse.com Fri Apr 14 07:07:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:07:01 +0200 (CEST) Subject: SUSE-CU-2023:1102-1: Security update of suse/pcp Message-ID: <20230414070701.F217CF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1102-1 Container Tags : suse/pcp:5 , suse/pcp:5-13.48 , suse/pcp:5.2 , suse/pcp:5.2-13.48 , suse/pcp:5.2.5 , suse/pcp:5.2.5-13.48 , suse/pcp:latest Container Release : 13.48 Severity : important Type : security References : 1203537 1207571 1207957 1207975 1208358 1208432 1209533 1209624 CVE-2022-4899 CVE-2023-0464 CVE-2023-0687 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. 
The following package changes have been done: - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libudev1-249.16-150400.8.25.7 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - patterns-base-fips-20200124-150400.20.4.1 updated - timezone-2023c-150000.75.23.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - systemd-249.16-150400.8.25.7 updated - container:bci-bci-init-15.4-15.4-26.28 updated From sle-updates at lists.suse.com Fri Apr 14 07:07:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:07:04 +0200 (CEST) Subject: SUSE-CU-2023:1103-1: Security update of suse/postgres Message-ID: <20230414070704.F0E27F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1103-1 Container Tags : suse/postgres:12 , suse/postgres:12-21.1 , suse/postgres:12.14 , suse/postgres:12.14-21.1 Container Release : 21.1 Severity : critical Type : security References : 1040589 1047178 1087072 1121365 1137373 1177460 1177460 1177460 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1187670 1188548 1190651 1190651 1190651 1190653 1190700 1190740 1190740 1190824 1190888 1191020 1191157 1192951 1193282 1193489 1193659 1193711 1193859 1193951 1194038 1194047 1194708 1194968 1195059 1195157 1195251 1195283 1195628 1195680 1195680 1195680 1196025 1196026 1196093 1196107 1196168 1196169 1196171 1196275 1196406 1196490 1196647 1196784 1196861 1197004 1197024 1197065 1197178 1197459 1197570 1197718 1197771 1197794 1198062 1198165 1198166 1198166 1198176 1198341 1198446 1198471 1198472 1198523 1198627 1198720 1198731 1198732 1198751 1198752 1199074 1199132 1199140 1199140 1199166 1199232 1199240 1199467 1199475 1199475 1199492 1199524 1199944 1200170 1200334 
1200437 1200485 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201276 1201293 1201385 1201560 1201640 1201680 1201795 1201942 1201959 1202011 1202117 1202148 1202148 1202175 1202310 1202324 1202344 1202368 1202368 1202593 1202750 1202853 1202870 1203018 1203046 1203069 1203216 1203438 1203482 1203537 1203652 1203652 1203911 1204111 1204112 1204113 1204179 1204211 1204366 1204367 1204383 1204386 1204585 1204649 1204708 1204944 1204968 1205000 1205000 1205126 1205156 1205300 1205300 1205502 1205646 1206308 1206309 1207182 1207264 1207294 1207533 1207534 1207536 1207538 1207571 1207789 1207957 1207975 1207990 1207991 1207992 1207994 1208102 1208102 1208358 1208432 1208924 1208925 1208926 1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624 CVE-2017-6512 CVE-2018-25032 CVE-2020-21913 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1552 CVE-2022-1552 CVE-2022-1586 CVE-2022-1664 CVE-2022-1706 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-2625 CVE-2022-2625 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41862 CVE-2022-41862 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0687 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 
2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). 
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1457-1 Released: Thu Apr 28 13:23:18 2022 Summary: Recommended update for postgresql12 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql12 fixes the following issues: - Upgrade to 12.10: (bsc#1195680) * https://www.postgresql.org/docs/12/release-12-10.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1463-1 Released: Fri Apr 29 09:39:45 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1894-1 Released: Tue May 31 14:49:16 2022 Summary: Security update for postgresql12 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql12 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1908-1 Released: Wed Jun 1 15:31:33 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). 
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2706-1 Released: Tue Aug 9 09:17:54 2022 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1195680 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repetition from the spec files - Bump version to 14. (bsc#1195680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users 
access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2988-1 Released: Thu Sep 1 14:22:13 2022 Summary: Security update for postgresql12 Type: security Severity: important References: 1198166,1202368,CVE-2022-2625 This update for postgresql12 fixes the following issues: - Update to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2989-1 Released: Thu Sep 1 14:24:28 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1198166,1200437,1202368,CVE-2022-2625 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). 
- Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1202011 This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. 
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST 
- In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. 
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. 
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4446-1 Released: Tue Dec 13 10:13:00 2022 Summary: Recommended update for postgresql12 Type: recommended Severity: moderate References: 1205300 This update for postgresql12 fixes the following issues: postgresql12 was updated to 12.13 (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/12/release-12-13.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4645-1 Released: Sat Dec 31 16:04:44 2022 Summary: Security update for postgresql14, postgresql15 Type: recommended Severity: moderate References: 1205300 This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. 
* A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). 
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:450-1 Released: Mon Feb 20 09:16:53 2023 Summary: Security update for postgresql12 Type: security Severity: important References: 1208102,CVE-2022-41862 This update for postgresql12 fixes the following issues: Update to 12.14: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. 
- Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:569-1 Released: Tue Feb 28 11:08:10 2023 Summary: Security update for postgresql15 Type: security Severity: important References: 1208102,CVE-2022-41862 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level
indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later.
The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.46.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.16-150400.8.25.7 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - libdw1-0.185-150400.5.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - 
libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2023c-150000.75.23.1 updated - libp11-kit0-0.23.22-150400.1.10 updated - glibc-locale-base-2.31-150300.46.1 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 updated - libpq5-15.2-150200.5.6.1 updated - libseccomp2-2.5.3-150400.2.4 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - glibc-locale-2.31-150300.46.1 updated - kbd-2.4.0-150400.5.3.1 updated - libicu-suse65_1-65.1-150200.4.5.1 updated - libcryptsetup12-2.4.3-150400.1.110 updated - libcryptsetup12-hmac-2.4.3-150400.1.110 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - postgresql-15-150400.4.6.2 updated - postgresql12-12.14-150200.8.41.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - systemd-249.16-150400.8.25.7 updated - postgresql-server-15-150400.4.6.2 updated - postgresql12-server-12.14-150200.8.41.1 updated - container:sles15-image-15.0.0-27.14.50 updated From sle-updates at lists.suse.com Fri Apr 14 07:07:07 2023 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 14 Apr 2023 09:07:07 +0200 (CEST) Subject: SUSE-CU-2023:1104-1: Security update of suse/postgres Message-ID: <20230414070707.BF153F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1104-1 Container Tags : suse/postgres:13 , suse/postgres:13-22.1 , suse/postgres:13.10 , suse/postgres:13.10-22.1 Container Release : 22.1 Severity : critical Type : security ----------------------------------------------------------------- The container suse/postgres was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible with rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :humaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56
2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587).
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1463-1 Released: Fri Apr 29 09:39:45 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. 
(bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1895-1 Released: Tue May 31 14:51:12 2022 Summary: Security update for postgresql13 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1908-1 Released: Wed Jun 1 15:31:33 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. 
[bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2706-1 Released: Tue Aug 9 09:17:54 2022 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1195680 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repetition from the spec files - Bump version to 14. (bsc#1195680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users
access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2987-1 Released: Thu Sep 1 14:20:06 2022 Summary: Security update for postgresql13 Type: security Severity: important References: 1198166,1202368,CVE-2022-2625 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2989-1 Released: Thu Sep 1 14:24:28 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1198166,1200437,1202368,CVE-2022-2625 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). 
- Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1202011 This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. 
[bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. 
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs.
Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST 
- In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4447-1 Released: Tue Dec 13 10:13:56 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1205300 This update for postgresql13 fixes the following issues: postgresql13 was updated to 13.9: (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/13/release-13-9.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4645-1 Released: Sat Dec 31 16:04:44 2022 Summary: Security update for postgresql14, postgresql15 Type: recommended Severity: moderate References: 1205300 This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. 
* A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). 
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). 
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:569-1 Released: Tue Feb 28 11:08:10 2023 Summary: Security update for postgresql15 Type: security Severity: important References: 1208102,CVE-2022-41862 This update for postgresql15 fixes the following issues: Update to 15.2: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:583-1 Released: Wed Mar 1 11:07:08 2023 Summary: Security update for postgresql13 Type: security Severity: important References: 1208102,CVE-2022-41862 This update for postgresql13 fixes the following issues: Update to 13.10: - CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. 
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). 
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. 
The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.46.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.16-150400.8.25.7 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150400.7.31.2 updated - libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated - libdw1-0.185-150400.5.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - 
libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2023c-150000.75.23.1 updated - libp11-kit0-0.23.22-150400.1.10 updated - glibc-locale-base-2.31-150300.46.1 updated - kbd-legacy-2.4.0-150400.5.3.1 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libicu65_1-ledata-65.1-150200.4.5.1 updated - libpq5-15.2-150200.5.6.1 updated - libseccomp2-2.5.3-150400.2.4 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - glibc-locale-2.31-150300.46.1 updated - kbd-2.4.0-150400.5.3.1 updated - libicu-suse65_1-65.1-150200.4.5.1 updated - libcryptsetup12-2.4.3-150400.1.110 updated - libcryptsetup12-hmac-2.4.3-150400.1.110 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - postgresql-15-150400.4.6.2 updated - postgresql13-13.10-150200.5.37.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - systemd-249.16-150400.8.25.7 updated - postgresql-server-15-150400.4.6.2 updated - postgresql13-server-13.10-150200.5.37.1 updated - container:sles15-image-15.0.0-27.14.50 updated From sle-updates at lists.suse.com Fri Apr 14 07:07:10 2023 From: sle-updates at lists.suse.com (sle-updates at 
lists.suse.com) Date: Fri, 14 Apr 2023 09:07:10 +0200 (CEST) Subject: SUSE-CU-2023:1105-1: Security update of suse/postgres Message-ID: <20230414070710.90B6DF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1105-1 Container Tags : suse/postgres:14 , suse/postgres:14-20.1 , suse/postgres:14.7 , suse/postgres:14.7-20.1 Container Release : 20.1 Severity : critical Type : security References : 1040589 1047178 1087072 1121365 1137373 1177460 1177460 1177460 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1187670 1188548 1190651 1190651 1190651 1190653 1190700 1190740 1190824 1190888 1191020 1191157 1192951 1193282 1193489 1193659 1193711 1193859 1193951 1194038 1194047 1194708 1194968 1195059 1195157 1195251 1195283 1195628 1195680 1195680 1196025 1196026 1196093 1196107 1196168 1196169 1196171 1196275 1196406 1196490 1196647 1196784 1196861 1197004 1197024 1197065 1197178 1197459 1197570 1197718 1197771 1197794 1198062 1198165 1198166 1198176 1198341 1198446 1198471 1198472 1198523 1198627 1198720 1198731 1198732 1198751 1198752 1199074 1199132 1199140 1199140 1199166 1199232 1199240 1199467 1199475 1199492 1199524 1199944 1200170 1200334 1200437 1200485 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201276 1201293 1201385 1201560 1201640 1201680 1201795 1201942 1201959 1202011 1202117 1202148 1202148 1202175 1202310 1202324 1202344 1202368 1202593 1202750 1202853 1202870 1203018 1203046 1203069 1203216 1203438 1203482 1203537 1203652 1203652 1203911 1204111 1204112 1204113 1204179 1204211 1204366 1204367 1204383 1204386 1204585 1204649 1204708 1204944 1204968 1205000 1205000 1205126 1205156 1205300 1205502 1205646 1206308 1206309 1207182 1207264 1207294 1207533 1207534 1207536 1207538 1207571 1207789 1207957 1207975 1207990 1207991 1207992 1207994 1208102 1208102 
1208358 1208432 1208924 1208925 1208926 1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624 CVE-2017-6512 CVE-2018-25032 CVE-2020-21913 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1552 CVE-2022-1586 CVE-2022-1664 CVE-2022-1706 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-2625 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41862 CVE-2022-41862 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0687 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible with rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :humaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm no longer requires the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 
2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). 
(bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMware by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1463-1 Released: Fri Apr 29 09:39:45 2022 Summary: Recommended update for postgresql13 Type: recommended Severity: moderate References: 1190740,1195680 This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. 
(bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1908-1 Released: Wed Jun 1 15:31:33 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1199475,CVE-2022-1552 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. 
[bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. 
(bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. 
The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. 
(bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2706-1 Released: Tue Aug 9 09:17:54 2022 Summary: Recommended update for postgresql Type: recommended Severity: moderate References: 1195680 This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repetition from the spec files - Bump version to 14. (bsc#1195680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. 
By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscall filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users 
access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2989-1 Released: Thu Sep 1 14:24:28 2022 Summary: Security update for postgresql14 Type: security Severity: important References: 1198166,1200437,1202368,CVE-2022-2625 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to version 14.4 (bsc#1200437) - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release announcement: https://www.postgresql.org/about/news/p-2470/ - Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437) - Pin to llvm13 until the next patchlevel update (bsc#1198166) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1202011 This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. 
(bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. 
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). 
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. 
(PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). 
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 
2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4645-1 Released: Sat Dec 31 16:04:44 2022 Summary: Security update for postgresql14, postgresql15 Type: recommended Severity: moderate References: 1205300 This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. 
* https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released: Tue Feb 7 17:36:32 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:569-1
Released: Tue Feb 28 11:08:10 2023
Summary: Security update for postgresql15
Type: security
Severity: important
References: 1208102,CVE-2022-41862

This update for postgresql15 fixes the following issues:

Update to 15.2:

- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:705-1
Released: Fri Mar 10 14:10:54 2023
Summary: Security update for postgresql14
Type: security
Severity: important
References: 1208102,CVE-2022-41862

This update for postgresql14 fixes the following issues:

Update to 14.7:

- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:709-1
Released: Fri Mar 10 16:04:41 2023
Summary: Recommended update for console-setup
Type: recommended
Severity: moderate
References: 1202853

This update for console-setup and kbd fixes the following issue:

- Fix Caps_Lock mapping for us.map and others (bsc#1202853)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released: Mon Mar 13 10:53:25 2023
Summary: Recommended update for rpm
Type: recommended
Severity: important
References: 1207294

This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:782-1
Released: Thu Mar 16 19:08:34 2023
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1208924,1208925,1208926

This update for libgcrypt fixes the following issues:

- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
- FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:783-1
Released: Thu Mar 16 19:09:03 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1208998

This update for openssl-1_1 fixes the following issues:

FIPS: Service-level indicator changes [bsc#1208998]

* Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1753-1
Released: Tue Apr 4 11:55:00 2023
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References:

This update for systemd-presets-common-SUSE fixes the following issue:

- Enable systemd-pstore.service by default (jsc#PED-2663)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

The following package changes have been done:

- filesystem-15.0-11.8.1 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- glibc-2.31-150300.46.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libssh-config-0.9.6-150400.1.5 updated
- libsepol1-3.1-150400.1.70 updated
- liblz4-1-1.9.3-150400.1.7 updated
- libgpg-error0-1.42-150400.1.101 updated
- libcap2-2.63-150400.1.7 updated
- libbz2-1-1.0.8-150400.1.122 updated
- libaudit1-3.0.6-150400.2.13 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.16-150400.8.25.7 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libgcrypt20-1.9.4-150400.6.8.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.8.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libjitterentropy3-3.4.0-150000.1.9.1 added
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150400.7.31.2 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.31.2 updated
- libdw1-0.185-150400.5.3.1 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libselinux1-3.1-150400.1.69 updated
- libreadline7-7.0-150400.25.22 updated
- libsemanage1-3.1-150400.1.65 updated
- bash-4.4-150400.25.22 updated
- bash-sh-4.4-150400.25.22 updated
- cpio-2.13-150400.1.98 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.14.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- coreutils-8.32-150400.7.5 updated
- libssh4-0.9.6-150400.1.5 updated
- sles-release-15.4-150400.55.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- grep-3.1-150000.4.6.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.16.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- pam-1.3.0-150000.6.61.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- sysuser-shadow-3.1-150400.1.35 updated
- system-group-hardware-20170617-150400.22.33 updated
- util-linux-2.37.2-150400.8.14.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- timezone-2023c-150000.75.23.1 updated
- libp11-kit0-0.23.22-150400.1.10 updated
- glibc-locale-base-2.31-150300.46.1 updated
- kbd-legacy-2.4.0-150400.5.3.1 updated
- libapparmor1-3.0.4-150400.5.3.1 updated
- libdbus-1-3-1.12.2-150400.18.5.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libpq5-15.2-150200.5.6.1 updated
- libseccomp2-2.5.3-150400.2.4 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- glibc-locale-2.31-150300.46.1 updated
- kbd-2.4.0-150400.5.3.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libcryptsetup12-2.4.3-150400.1.110 updated
- libcryptsetup12-hmac-2.4.3-150400.1.110 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- postgresql-15-150400.4.6.2 updated
- postgresql14-14.7-150200.5.23.1 updated
- dbus-1-1.12.2-150400.18.5.1 updated
- systemd-249.16-150400.8.25.7 updated
- postgresql-server-15-150400.4.6.2 updated
- postgresql14-server-14.7-150200.5.23.1 updated
- container:sles15-image-15.0.0-27.14.50 updated

From sle-updates at lists.suse.com Fri Apr 14 07:07:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:07:44 +0200 (CEST)
Subject: SUSE-CU-2023:1109-1: Recommended update of suse/sles/15.5/cdi-apiserver
Message-ID: <20230414070744.521A4F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1109-1
Container Tags : suse/sles/15.5/cdi-apiserver:1.55.0 , suse/sles/15.5/cdi-apiserver:1.55.0-150500.3.18 , suse/sles/15.5/cdi-apiserver:1.55.0.17.196
Container Release : 17.196
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-apiserver was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- containerized-data-importer-api-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:07:49 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:07:49 +0200 (CEST)
Subject: SUSE-CU-2023:1110-1: Recommended update of suse/sles/15.5/cdi-cloner
Message-ID: <20230414070749.19569F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1110-1
Container Tags : suse/sles/15.5/cdi-cloner:1.55.0 , suse/sles/15.5/cdi-cloner:1.55.0-150500.3.18 , suse/sles/15.5/cdi-cloner:1.55.0.17.194
Container Release : 17.194
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-cloner was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- containerized-data-importer-cloner-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:07:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:07:54 +0200 (CEST)
Subject: SUSE-CU-2023:1111-1: Recommended update of suse/sles/15.5/cdi-controller
Message-ID: <20230414070754.082D9F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1111-1
Container Tags : suse/sles/15.5/cdi-controller:1.55.0 , suse/sles/15.5/cdi-controller:1.55.0-150500.3.18 , suse/sles/15.5/cdi-controller:1.55.0.17.195
Container Release : 17.195
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-controller was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- containerized-data-importer-controller-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:07:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:07:59 +0200 (CEST)
Subject: SUSE-CU-2023:1112-1: Security update of suse/sles/15.5/cdi-importer
Message-ID: <20230414070759.0EE4CF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1112-1
Container Tags : suse/sles/15.5/cdi-importer:1.55.0 , suse/sles/15.5/cdi-importer:1.55.0-150500.3.18 , suse/sles/15.5/cdi-importer:1.55.0.17.259
Container Release : 17.259
Severity : moderate
Type : security
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-importer was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1768-1
Released: Wed Apr 5 10:30:50 2023
Summary: Security update for skopeo
Type: security
Severity: moderate
References:

This update for skopeo fixes the following issue:

- rebuild against the current go1.19 version to make sure bugs and security issues are fixed.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libudev1-249.16-150400.8.25.7 updated
- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- libnettle8-3.8.1-150500.2.22 updated
- qemu-block-curl-7.1.0-150500.47.9 updated
- libhogweed6-3.8.1-150500.2.22 updated
- systemd-249.16-150400.8.25.7 updated
- qemu-tools-7.1.0-150500.47.9 updated
- containerized-data-importer-importer-1.55.0-150500.3.18 updated
- skopeo-0.1.41-150000.4.14.1 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:08:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:08:03 +0200 (CEST)
Subject: SUSE-CU-2023:1113-1: Recommended update of suse/sles/15.5/cdi-operator
Message-ID: <20230414070803.F3051F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1113-1
Container Tags : suse/sles/15.5/cdi-operator:1.55.0 , suse/sles/15.5/cdi-operator:1.55.0-150500.3.18 , suse/sles/15.5/cdi-operator:1.55.0.17.195
Container Release : 17.195
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- containerized-data-importer-operator-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:08:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:08:08 +0200 (CEST)
Subject: SUSE-CU-2023:1114-1: Recommended update of suse/sles/15.5/cdi-uploadproxy
Message-ID: <20230414070808.B6C57F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1114-1
Container Tags : suse/sles/15.5/cdi-uploadproxy:1.55.0 , suse/sles/15.5/cdi-uploadproxy:1.55.0-150500.3.18 , suse/sles/15.5/cdi-uploadproxy:1.55.0.17.195
Container Release : 17.195
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-uploadproxy was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- containerized-data-importer-uploadproxy-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:08:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:08:13 +0200 (CEST)
Subject: SUSE-CU-2023:1115-1: Recommended update of suse/sles/15.5/cdi-uploadserver
Message-ID: <20230414070813.631FFF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1115-1
Container Tags : suse/sles/15.5/cdi-uploadserver:1.55.0 , suse/sles/15.5/cdi-uploadserver:1.55.0-150500.3.18 , suse/sles/15.5/cdi-uploadserver:1.55.0.17.256
Container Release : 17.256
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/cdi-uploadserver was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libudev1-249.16-150400.8.25.7 updated
- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- libnettle8-3.8.1-150500.2.22 updated
- libhogweed6-3.8.1-150500.2.22 updated
- qemu-tools-7.1.0-150500.47.9 updated
- containerized-data-importer-uploadserver-1.55.0-150500.3.18 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:09:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:09:15 +0200 (CEST)
Subject: SUSE-CU-2023:1124-1: Recommended update of suse/sles/15.5/virt-api
Message-ID: <20230414070915.C8CCDF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1124-1
Container Tags : suse/sles/15.5/virt-api:0.58.0 , suse/sles/15.5/virt-api:0.58.0-150500.4.21 , suse/sles/15.5/virt-api:0.58.0.17.230
Container Release : 17.230
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/virt-api was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- kubevirt-virt-api-0.58.0-150500.4.21 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:09:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:09:20 +0200 (CEST)
Subject: SUSE-CU-2023:1125-1: Recommended update of suse/sles/15.5/virt-controller
Message-ID: <20230414070920.6BF72F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1125-1
Container Tags : suse/sles/15.5/virt-controller:0.58.0 , suse/sles/15.5/virt-controller:0.58.0-150500.4.21 , suse/sles/15.5/virt-controller:0.58.0.17.230
Container Release : 17.230
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/virt-controller was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- kubevirt-virt-controller-0.58.0-150500.4.21 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:09:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:09:25 +0200 (CEST)
Subject: SUSE-CU-2023:1126-1: Recommended update of suse/sles/15.5/virt-exportproxy
Message-ID: <20230414070925.29C51F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-exportproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1126-1
Container Tags : suse/sles/15.5/virt-exportproxy:0.58.0 , suse/sles/15.5/virt-exportproxy:0.58.0-150500.4.21 , suse/sles/15.5/virt-exportproxy:0.58.0.1.228
Container Release : 1.228
Severity : moderate
Type : recommended
References : 1208432
-----------------------------------------------------------------

The container suse/sles/15.5/virt-exportproxy was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

The following package changes have been done:

- libgcrypt20-1.9.4-150500.10.16 updated
- libgcrypt20-hmac-1.9.4-150500.10.16 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150500.15.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.15.1 updated
- sles-release-15.5-150500.38.2 updated
- kubevirt-virt-exportproxy-0.58.0-150500.4.21 updated
- container:sles15-image-15.0.0-34.20 updated

From sle-updates at lists.suse.com Fri Apr 14 07:09:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 09:09:29 +0200 (CEST)
Subject: SUSE-CU-2023:1127-1: Recommended update of suse/sles/15.5/virt-exportserver
Message-ID: <20230414070929.CABD8F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.5/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1127-1
Container Tags : suse/sles/15.5/virt-exportserver:0.58.0 , suse/sles/15.5/virt-exportserver:0.58.0-150500.4.21 , suse/sles/15.5/virt-exportserver:0.58.0.1.228 Container Release : 1.228 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sles/15.5/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.38.2 updated - kubevirt-virt-exportserver-0.58.0-150500.4.21 updated - container:sles15-image-15.0.0-34.20 updated From sle-updates at lists.suse.com Fri Apr 14 07:09:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:09:34 +0200 (CEST) Subject: SUSE-CU-2023:1128-1: Recommended update of suse/sles/15.5/virt-handler Message-ID: <20230414070934.A01AAF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1128-1 Container Tags : suse/sles/15.5/virt-handler:0.58.0 , suse/sles/15.5/virt-handler:0.58.0-150500.4.21 , 
suse/sles/15.5/virt-handler:0.58.0.18.292 Container Release : 18.292 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sles/15.5/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.38.2 updated - kubevirt-container-disk-0.58.0-150500.4.21 updated - kubevirt-virt-handler-0.58.0-150500.4.21 updated - libnettle8-3.8.1-150500.2.22 updated - libhogweed6-3.8.1-150500.2.22 updated - systemd-249.16-150400.8.25.7 updated - qemu-tools-7.1.0-150500.47.9 updated - container:sles15-image-15.0.0-34.20 updated From sle-updates at lists.suse.com Fri Apr 14 07:09:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:09:39 +0200 (CEST) Subject: SUSE-CU-2023:1129-1: Recommended update of suse/sles/15.5/virt-launcher Message-ID: <20230414070939.6E07AF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-launcher ----------------------------------------------------------------- Container Advisory ID : 
SUSE-CU-2023:1129-1 Container Tags : suse/sles/15.5/virt-launcher:0.58.0 , suse/sles/15.5/virt-launcher:0.58.0-150500.4.21 , suse/sles/15.5/virt-launcher:0.58.0.20.120 Container Release : 20.120 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sles/15.5/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.38.2 updated - kubevirt-container-disk-0.58.0-150500.4.21 updated - libnettle8-3.8.1-150500.2.22 updated - qemu-accel-tcg-x86-7.1.0-150500.47.9 updated - qemu-ipxe-1.0.0+-150500.47.9 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.9 updated - qemu-sgabios-8-150500.47.9 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.9 updated - libhogweed6-3.8.1-150500.2.22 updated - qemu-hw-usb-redirect-7.1.0-150500.47.9 updated - xen-libs-4.17.0_06-150500.1.5 updated - systemd-249.16-150400.8.25.7 updated - qemu-tools-7.1.0-150500.47.9 updated - udev-249.16-150400.8.25.7 updated - systemd-container-249.16-150400.8.25.7 updated - kubevirt-virt-launcher-0.58.0-150500.4.21 
updated - qemu-x86-7.1.0-150500.47.9 updated - qemu-7.1.0-150500.47.9 updated - container:sles15-image-15.0.0-34.20 updated From sle-updates at lists.suse.com Fri Apr 14 07:09:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:09:44 +0200 (CEST) Subject: SUSE-CU-2023:1130-1: Recommended update of suse/sles/15.5/libguestfs-tools Message-ID: <20230414070944.88ED4F36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1130-1 Container Tags : suse/sles/15.5/libguestfs-tools:0.58.0 , suse/sles/15.5/libguestfs-tools:0.58.0-150500.4.21 , suse/sles/15.5/libguestfs-tools:0.58.0.17.213 Container Release : 17.213 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sles/15.5/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libudev1-249.16-150400.8.25.7 updated - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.38.2 updated - btrfsprogs-udev-rules-5.14-150500.8.22 updated - 
libnettle8-3.8.1-150500.2.22 updated - mdadm-4.2-150500.3.5 updated - qemu-accel-tcg-x86-7.1.0-150500.47.9 updated - qemu-ipxe-1.0.0+-150500.47.9 updated - qemu-seabios-1.16.0_0_gd239552-150500.47.9 updated - qemu-sgabios-8-150500.47.9 updated - qemu-vgabios-1.16.0_0_gd239552-150500.47.9 updated - libhogweed6-3.8.1-150500.2.22 updated - btrfsprogs-5.14-150500.8.22 updated - xen-libs-4.17.0_06-150500.1.5 updated - systemd-249.16-150400.8.25.7 updated - qemu-tools-7.1.0-150500.47.9 updated - systemd-sysvinit-249.16-150400.8.25.7 updated - dracut-mkinitrd-deprecated-055+suse.353.g5603b001-150500.1.8 updated - udev-249.16-150400.8.25.7 updated - dracut-055+suse.353.g5603b001-150500.1.8 updated - kernel-kvmsmall-5.14.21-150500.48.1 updated - dracut-fips-055+suse.353.g5603b001-150500.1.8 updated - qemu-x86-7.1.0-150500.47.9 updated - qemu-7.1.0-150500.47.9 updated - libguestfs0-1.48.4-150500.1.13 updated - libguestfs-1.48.4-150500.1.13 updated - libguestfs-devel-1.48.4-150500.1.13 updated - container:sles15-image-15.0.0-34.20 updated From sle-updates at lists.suse.com Fri Apr 14 07:09:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 09:09:49 +0200 (CEST) Subject: SUSE-CU-2023:1131-1: Recommended update of suse/sles/15.5/virt-operator Message-ID: <20230414070949.7CC0BF36E@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.5/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1131-1 Container Tags : suse/sles/15.5/virt-operator:0.58.0 , suse/sles/15.5/virt-operator:0.58.0-150500.4.21 , suse/sles/15.5/virt-operator:0.58.0.17.230 Container Release : 17.230 Severity : moderate Type : recommended References : 1208432 ----------------------------------------------------------------- The container suse/sles/15.5/virt-operator was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers The following package changes have been done: - libgcrypt20-1.9.4-150500.10.16 updated - libgcrypt20-hmac-1.9.4-150500.10.16 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150500.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.1 updated - sles-release-15.5-150500.38.2 updated - kubevirt-virt-operator-0.58.0-150500.4.21 updated - container:sles15-image-15.0.0-34.20 updated
From sle-updates at lists.suse.com Fri Apr 14 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:03 -0000 Subject: SUSE-SU-2023:1860-1: important: Security update for wayland Message-ID: <168148980344.23760.6964444838381224602@smelt2.suse.de> # Security update for wayland Announcement ID: SUSE-SU-2023:1860-1 Rating: important References: * #1190486 Cross-References: * CVE-2021-3782 CVSS scores: * CVE-2021-3782 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3782 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux
Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for wayland fixes the following issues: * CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1860=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1860=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1860=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1860=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1860=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1860=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1860=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * wayland-devel-debuginfo-1.19.0-150400.3.3.1 * 
libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * wayland-devel-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * wayland-devel-32bit-1.19.0-150400.3.3.1 * libwayland-egl1-32bit-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-server0-32bit-1.19.0-150400.3.3.1 * wayland-devel-32bit-debuginfo-1.19.0-150400.3.3.1 * libwayland-egl1-32bit-99~1.19.0-150400.3.3.1 * libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-32bit-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-32bit-1.19.0-150400.3.3.1 * libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-32bit-1.19.0-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 
* libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwayland-client0-1.19.0-150400.3.3.1 * wayland-debugsource-1.19.0-150400.3.3.1 * libwayland-egl1-99~1.19.0-150400.3.3.1 * wayland-devel-debuginfo-1.19.0-150400.3.3.1 * libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1 * libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1 * libwayland-client0-debuginfo-1.19.0-150400.3.3.1 * wayland-devel-1.19.0-150400.3.3.1 * libwayland-cursor0-1.19.0-150400.3.3.1 * libwayland-server0-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-1.19.0-150400.3.3.1 * Basesystem Module 15-SP4 (x86_64) * libwayland-client0-32bit-1.19.0-150400.3.3.1 * libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1 * libwayland-server0-32bit-1.19.0-150400.3.3.1 * libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3782.html * https://bugzilla.suse.com/show_bug.cgi?id=1190486
From sle-updates at lists.suse.com Fri Apr 14 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:05 -0000 Subject: SUSE-SU-2023:1859-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <168148980512.23760.15836819297190777376@smelt2.suse.de> # Security update for golang-github-prometheus-prometheus Announcement ID: SUSE-SU-2023:1859-1 Rating: important References: * #1208049 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for golang-github-prometheus-prometheus fixes the following issues: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in Prometheus Exporter Toolkit (bsc#1208049). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1859=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1859=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-1859=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150100.4.12.1 * firewalld-prometheus-config-0.1-150100.4.12.1 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150100.4.12.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150100.4.12.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208049 From sle-updates at lists.suse.com Fri Apr 14 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:06 -0000 Subject: SUSE-SU-2023:1858-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <168148980670.23760.14512228994744280401@smelt2.suse.de> # Security update for golang-github-prometheus-prometheus Announcement ID: SUSE-SU-2023:1858-1 Rating: important References: * #1208049 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High
Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves one vulnerability can now be installed. ## Description: This update for golang-github-prometheus-prometheus fixes the following issues: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in Prometheus Exporter Toolkit (bsc#1208049). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-1858=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-1.41.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208049
From sle-updates at lists.suse.com Fri Apr 14 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:09 -0000 Subject: SUSE-SU-2023:1857-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <168148980929.23760.1185968919212181255@smelt2.suse.de> # Security update for golang-github-prometheus-prometheus Announcement ID: SUSE-SU-2023:1857-1 Rating: important References: * #1208049 Cross-References: * CVE-2022-46146 CVSS scores: * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server
for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 An update that solves one vulnerability can now be installed. ## Description: This update for golang-github-prometheus-prometheus fixes the following issues: * CVE-2022-46146: Fixed authentication bypass via cache poisoning in Prometheus Exporter Toolkit (bsc#1208049). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-1857=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.32.1-150000.3.44.1 * firewalld-prometheus-config-0.1-150000.3.44.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1208049 From sle-updates at lists.suse.com Fri Apr 14 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:12 -0000 Subject: SUSE-SU-2023:1856-1: moderate: Security update for tftpboot-installation images Message-ID: <168148981200.23760.2945765814336997945@smelt2.suse.de> # Security update for tftpboot-installation images Announcement ID: SUSE-SU-2023:1856-1 Rating: moderate References: * #1198581 * #1209014 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that has two fixes can now be installed. ## Description: This update provides updated tftpboot-installation images, rebuilt with current shim and kernels.
(bsc#1209014 bsc#1198581) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1856=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1856=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1856=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1856=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * install-initrd-SLES-14.337.17-3.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.9.1 * tftpboot-installation-SLES-12-SP5-aarch64-14.337.17-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * install-initrd-SLES-14.337.17-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-ppc64le-14.337.17-3.9.1 * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.9.1 * tftpboot-installation-SLES-12-SP5-s390x-14.337.17-3.9.1 * tftpboot-installation-SLES-12-SP5-aarch64-14.337.17-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * install-initrd-SLES-14.337.17-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * tftpboot-installation-SLES-12-SP5-ppc64le-14.337.17-3.9.1 * tftpboot-installation-SLES-12-SP5-x86_64-14.337.17-3.9.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (noarch) * tftpboot-installation-SLED-12-SP5-x86_64-14.337.17-3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1198581 * https://bugzilla.suse.com/show_bug.cgi?id=1209014 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 14 16:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:27 -0000 Subject: SUSE-SU-2023:1855-1: important: Security update for MozillaFirefox Message-ID: <168148982700.23760.2207766558665906503@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:1855-1 Rating: important References: * #1210212 Cross-References: * CVE-2023-1945 * CVE-2023-29531 * CVE-2023-29532 * CVE-2023-29533 * CVE-2023-29535 * CVE-2023-29536 * CVE-2023-29539 * CVE-2023-29541 * CVE-2023-29542 * CVE-2023-29545 * CVE-2023-29548 * CVE-2023-29550 CVSS scores: Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 12 vulnerabilities can now be installed. 
## Description:

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 102.10.0 ESR (bsc#1210212)
* CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
* CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
* CVE-2023-29533: Fullscreen notification obscured
* MFSA-TMP-2023-0001: Double-free in libwebp
* CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
* CVE-2023-29536: Invalid free from JavaScript code
* CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
* CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
* CVE-2023-29542: Bypass of file download extension restrictions
* CVE-2023-29545: Windows Save As dialog resolved environment variables
* CVE-2023-1945: Memory Corruption in Safe Browsing Code
* CVE-2023-29548: Incorrect optimization result on ARM64
* CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1855=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1855=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1855=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1855=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1855=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1855=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1855=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1855=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1855=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1855=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1855=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1855=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-branding-upstream-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * 
MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * 
MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-translations-common-102.10.0-150200.152.84.1 * 
MozillaFirefox-debuginfo-102.10.0-150200.152.84.1 * MozillaFirefox-102.10.0-150200.152.84.1 * MozillaFirefox-translations-other-102.10.0-150200.152.84.1 * MozillaFirefox-debugsource-102.10.0-150200.152.84.1 * MozillaFirefox-devel-102.10.0-150200.152.84.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1945.html * https://www.suse.com/security/cve/CVE-2023-29531.html * https://www.suse.com/security/cve/CVE-2023-29532.html * https://www.suse.com/security/cve/CVE-2023-29533.html * https://www.suse.com/security/cve/CVE-2023-29535.html * https://www.suse.com/security/cve/CVE-2023-29536.html * https://www.suse.com/security/cve/CVE-2023-29539.html * https://www.suse.com/security/cve/CVE-2023-29541.html * https://www.suse.com/security/cve/CVE-2023-29542.html * https://www.suse.com/security/cve/CVE-2023-29545.html * https://www.suse.com/security/cve/CVE-2023-29548.html * https://www.suse.com/security/cve/CVE-2023-29550.html * https://bugzilla.suse.com/show_bug.cgi?id=1210212 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 14 16:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:28 -0000 Subject: SUSE-SU-2023:1854-1: important: Security update for liblouis Message-ID: <168148982865.23760.4128612573591681666@smelt2.suse.de> # Security update for liblouis Announcement ID: SUSE-SU-2023:1854-1 Rating: important References: * #1209431 * #1209855 Cross-References: * CVE-2023-26768 CVSS scores: * CVE-2023-26768 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26768 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for liblouis fixes the following issues: * CVE-2023-26768: Fixed buffer overflow in lou_logFile() (bsc#1209431). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1854=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1854=1 ## Package List: * openSUSE Leap 15.4 (noarch) * liblouis-data-3.20.0-150400.3.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * liblouis-doc-3.20.0-150400.3.13.1 * python3-louis-3.20.0-150400.3.13.1 * liblouis-tools-3.20.0-150400.3.13.1 * liblouis-debuginfo-3.20.0-150400.3.13.1 * liblouis-tools-debuginfo-3.20.0-150400.3.13.1 * liblouis20-debuginfo-3.20.0-150400.3.13.1 * liblouis-devel-3.20.0-150400.3.13.1 * liblouis20-3.20.0-150400.3.13.1 * liblouis-debugsource-3.20.0-150400.3.13.1 * Desktop Applications Module 15-SP4 (noarch) * liblouis-data-3.20.0-150400.3.13.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-louis-3.20.0-150400.3.13.1 * liblouis-debuginfo-3.20.0-150400.3.13.1 * liblouis20-debuginfo-3.20.0-150400.3.13.1 * liblouis-devel-3.20.0-150400.3.13.1 * liblouis20-3.20.0-150400.3.13.1 * liblouis-debugsource-3.20.0-150400.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26768.html * https://bugzilla.suse.com/show_bug.cgi?id=1209431 * https://bugzilla.suse.com/show_bug.cgi?id=1209855 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 14 16:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:30 -0000 Subject: SUSE-SU-2023:1853-1: important: Security update for tomcat Message-ID: <168148983031.23760.16078313110362388008@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:1853-1 Rating: important References: * #1206840 Cross-References: * CVE-2022-45143 CVSS scores: * CVE-2022-45143 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-45143 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2022-45143: Fixed JsonErrorReportValve injection (bsc#1206840). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1853=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1853=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1853=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1853=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1853=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1853=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1853=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1853=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1853=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1853=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1853=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1853=1 ## Package List: * openSUSE Leap 15.4 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-embed-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-jsvc-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-javadoc-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * tomcat-docs-webapp-9.0.43-150200.38.1 * Web and Scripting Module 15-SP4 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * 
tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * 
tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Manager Server 4.2 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Enterprise Storage 7.1 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 * SUSE Enterprise Storage 7 (noarch) * tomcat-admin-webapps-9.0.43-150200.38.1 * tomcat-servlet-4_0-api-9.0.43-150200.38.1 * tomcat-el-3_0-api-9.0.43-150200.38.1 * tomcat-9.0.43-150200.38.1 * tomcat-lib-9.0.43-150200.38.1 * tomcat-webapps-9.0.43-150200.38.1 * tomcat-jsp-2_3-api-9.0.43-150200.38.1 ## References: * https://www.suse.com/security/cve/CVE-2022-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1206840 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 14 16:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:31 -0000 Subject: SUSE-SU-2023:1852-1: important: Security update for harfbuzz Message-ID: <168148983198.23760.18065376259313361049@smelt2.suse.de> # Security update for harfbuzz Announcement ID: SUSE-SU-2023:1852-1 Rating: important References: * #1207922 Cross-References: * CVE-2023-25193 CVSS scores: * CVE-2023-25193 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25193 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1852=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1852=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1852=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1852=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1852=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1852=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1852=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libharfbuzz-icu0-3.4.0-150400.3.6.1 * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-icu0-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * harfbuzz-tools-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-subset0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * harfbuzz-tools-3.4.0-150400.3.6.1 * libharfbuzz-subset0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * harfbuzz-devel-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libharfbuzz-subset0-32bit-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-32bit-3.4.0-150400.3.6.1 * libharfbuzz0-32bit-3.4.0-150400.3.6.1 * libharfbuzz-icu0-32bit-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-subset0-32bit-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-icu0-32bit-3.4.0-150400.3.6.1 * libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.6.1 * 
libharfbuzz-gobject0-32bit-debuginfo-3.4.0-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libharfbuzz-icu0-3.4.0-150400.3.6.1 * libharfbuzz0-3.4.0-150400.3.6.1 * libharfbuzz-icu0-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-3.4.0-150400.3.6.1 * libharfbuzz-subset0-3.4.0-150400.3.6.1 * libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.6.1 * libharfbuzz-subset0-debuginfo-3.4.0-150400.3.6.1 * typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.6.1 * harfbuzz-debugsource-3.4.0-150400.3.6.1 * harfbuzz-devel-3.4.0-150400.3.6.1 * libharfbuzz0-debuginfo-3.4.0-150400.3.6.1 * Basesystem Module 15-SP4 (x86_64) * libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.6.1 * 
libharfbuzz0-32bit-3.4.0-150400.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-25193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207922

From sle-updates at lists.suse.com Fri Apr 14 16:30:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:30:33 -0000
Subject: SUSE-SU-2023:1851-1: important: Security update for container-suseconnect
Message-ID: <168148983317.23760.7166535456985350272@smelt2.suse.de>

# Security update for container-suseconnect

Announcement ID: SUSE-SU-2023:1851-1
Rating: important
References:

Affected Products:
* Containers Module 15-SP4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that can now be
installed. ## Description: This update for container-suseconnect fixes the following issue: * rebuilt against current go version. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1851=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1851=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1851=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1851=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1851=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1851=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1851=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1851=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1851=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1851=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1851=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1851=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1851=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * container-suseconnect-2.4.0-150000.4.26.1 * SUSE CaaS Platform 4.0 (x86_64) * container-suseconnect-2.4.0-150000.4.26.1
From sle-updates at lists.suse.com Fri Apr 14 16:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:36 -0000 Subject: SUSE-SU-2023:1850-1: moderate: Security update for java-1_8_0-ibm Message-ID: <168148983689.23760.7077374272407537392@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:1850-1 Rating: moderate References: * #1207246 * #1207248 * #1207249 * #1208480 Cross-References: * CVE-2022-21426 * CVE-2023-21830 * CVE-2023-21835 * CVE-2023-21843 CVSS scores: * CVE-2022-21426 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-21426 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21830 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21830 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21835 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-21843 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21843 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise
Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 (bsc#1208480): * Security fixes: * CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249). * CVE-2023-21835: Fixed handshake DoS attack against DTLS connections (bsc#1207246). * CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248). * New Features/Enhancements: * Add RSA-PSS signature to IBMJCECCA. * Defect Fixes: * IJ45437 Service, Build, Packaging and Deliver: Getting FIPSRUNTIMEEXCEPTION when calling java code: MESSAGEDIGEST.GETINSTANCE("SHA256", "IBMJCEFIPS"); in MAC * IJ45272 Class Libraries: Fix security vulnerability CVE-2023-21843 * IJ45280 Class Libraries: Update timezone information to the latest TZDATA2022F * IJ44896 Class Libraries: Update timezone information to the latest TZDATA2022G * IJ45436 Java Virtual Machine: Stack walking code gets into endless loop, hanging the application * IJ44079 Java Virtual Machine: When -DFILE.ENCODING is specified multiple times on the same command line the first option takes precedence instead of the last * IJ44532 JIT Compiler: Java JIT: Crash in DECREFERENCECOUNT() due to a NULL pointer * IJ44596 JIT Compiler: Java JIT: Invalid hard-coding of static final field object properties * IJ44107 JIT Compiler: JIT publishes new object reference to other threads without executing a memory flush * IX90193 ORB: Fix security vulnerability CVE-2023-21830 * IJ44267 Security: 8273553: SSLENGINEIMPL.CLOSEINBOUND also has similar error of JDK-8253368 * IJ45148 Security: code changes for tech preview * IJ44621 Security: Computing Diffie-Hellman secret repeatedly, using IBMJCEPLUS, causes a small memory leak * IJ44172 Security: Disable 
SHA-1 signed jars for EA * IJ44040 Security: Generating Diffie-Hellman key pairs repeatedly, using IBMJCEPLUS, Causes a small memory leak * IJ45200 Security: IBMJCEPLUS provider, during CHACHA20-POLY1305 crypto operations, incorrectly throws an ILLEGALSTATEEXCEPTION * IJ45182 Security: IBMJCEPLUS provider fails in RSAPSS and ECDSA during signature operations resulting in Java cores * IJ45201 Security: IBMJCEPLUS provider failures (two) with AESGCM algorithm * IJ45202 Security: KEYTOOL NPE if signing certificate does not contain a SUBJECTKEYIDENTIFIER extension * IJ44075 Security: PKCS11KEYSTORE.JAVA - DOESPUBLICKEYMATCHPRIVATEKEY() method uses SHA1XXXX signature algorithms to match private and public keys * IJ45203 Security: RSAPSS multiple names for KEYTYPE * IJ43920 Security: The PKCS12 keystore update and the PBES2 support * IJ40002 XML: Fix security vulnerability CVE-2022-21426 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1850=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1850=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1850=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1850=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1850=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1850=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1850=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1850=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1850=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1850=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1850=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1850=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-32bit-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-demo-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-src-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le 
s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * SUSE 
Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE Enterprise Storage 7 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE Enterprise Storage 7 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.0-150000.3.71.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.0-150000.3.71.1 * java-1_8_0-ibm-devel-1.8.0_sr8.0-150000.3.71.1 ## References: * https://www.suse.com/security/cve/CVE-2022-21426.html * https://www.suse.com/security/cve/CVE-2023-21830.html * https://www.suse.com/security/cve/CVE-2023-21835.html * https://www.suse.com/security/cve/CVE-2023-21843.html * https://bugzilla.suse.com/show_bug.cgi?id=1207246 * https://bugzilla.suse.com/show_bug.cgi?id=1207248 * https://bugzilla.suse.com/show_bug.cgi?id=1207249 * https://bugzilla.suse.com/show_bug.cgi?id=1208480
From sle-updates at lists.suse.com Fri Apr 14 16:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:38 -0000 Subject: SUSE-SU-2023:1849-1: important: Security update for apache2-mod_auth_openidc Message-ID: <168148983870.23760.3583774160072291263@smelt2.suse.de> # Security update for apache2-mod_auth_openidc Announcement ID: SUSE-SU-2023:1849-1 Rating: important References: * #1210073 Cross-References: * CVE-2023-28625 CVSS scores: * CVE-2023-28625 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28625 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail
Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied (bsc#1210073). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1849=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1849=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1849=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1849=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1849=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1849=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1849=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1849=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1849=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1849=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1849=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1849=1 
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1849=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1849=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1849=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1849=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1849=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1849=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 *
apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Manager Proxy 4.2 (x86_64) * 
apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 * SUSE CaaS Platform 4.0 (x86_64) * apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.25.1 * apache2-mod_auth_openidc-2.3.8-150100.3.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28625.html * https://bugzilla.suse.com/show_bug.cgi?id=1210073
From sle-updates at lists.suse.com Fri Apr 14 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Apr 2023 16:30:52 -0000 Subject: SUSE-SU-2023:1848-1: important: Security update for the Linux Kernel Message-ID: <168148985234.23760.11493799905948896430@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1848-1 Rating: important References: * #1076830 * #1192273 * #1194535 * #1207036 * #1207125 * #1207168 * #1207795 * #1208179 * #1208599 * #1208777 * #1208811 * #1208850 * #1209008 * #1209052 * #1209256 * #1209289 * #1209291 * #1209532 * #1209547 * #1209549 * #1209634 * #1209778 * #1209845 * #1209887 Cross-References: * CVE-2017-5753 * CVE-2021-3923 * CVE-2021-4203 * CVE-2022-20567 * CVE-2023-0590 * CVE-2023-1076 * CVE-2023-1095 * CVE-2023-1281 * CVE-2023-1390 * CVE-2023-1513 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-28328 * CVE-2023-28464 * CVE-2023-28772 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2021-4203 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-4203 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2022-20567 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1095 ( SUSE ): 5.1
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 15 vulnerabilities and has nine fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
* CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535).
* CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
* CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
* CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
* CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).

The following non-security bugs were fixed:

* Do not sign the vanilla kernel (bsc#1209008).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1208811).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1208811).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1208811).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1208811).
* Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally" (bsc#1208811).
* cifs: fix double free in dfs mounts (bsc#1209845).
* cifs: fix nodfs mount option (bsc#1209845).
* cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1209845).
* cifs: missing null pointer check in cifs_mount (bsc#1209845).
* cifs: serialize all mount attempts (bsc#1209845).
* cred: allow get_cred() and put_cred() to be given NULL (bsc#1209887).
* ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
* ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
* kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1848=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-1848=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-1848=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1848=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1848=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1848=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.142.1 * kernel-kvmsmall-4.12.14-150100.197.142.1 * kernel-debug-4.12.14-150100.197.142.1 * kernel-default-4.12.14-150100.197.142.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-debuginfo-4.12.14-150100.197.142.1 * kernel-debug-base-4.12.14-150100.197.142.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-livepatch-devel-4.12.14-150100.197.142.1 * kernel-vanilla-devel-4.12.14-150100.197.142.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.142.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.142.1 * kernel-default-base-debuginfo-4.12.14-150100.197.142.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.142.1 * kernel-vanilla-debugsource-4.12.14-150100.197.142.1 * kernel-vanilla-base-4.12.14-150100.197.142.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.142.1 * kernel-kvmsmall-base-4.12.14-150100.197.142.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * 
kernel-vanilla-4.12.14-150100.197.142.1
  * openSUSE Leap 15.4 (s390x)
    * kernel-default-man-4.12.14-150100.197.142.1
    * kernel-zfcpdump-man-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * kernel-livepatch-4_12_14-150100_197_142-default-1-150100.3.5.1
    * kernel-default-livepatch-4.12.14-150100.197.142.1
    * kernel-default-livepatch-devel-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * gfs2-kmp-default-debuginfo-4.12.14-150100.197.142.1
    * cluster-md-kmp-default-4.12.14-150100.197.142.1
    * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.142.1
    * dlm-kmp-default-4.12.14-150100.197.142.1
    * ocfs2-kmp-default-4.12.14-150100.197.142.1
    * gfs2-kmp-default-4.12.14-150100.197.142.1
    * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.142.1
    * dlm-kmp-default-debuginfo-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
    * kernel-default-devel-4.12.14-150100.197.142.1
    * kernel-obs-build-4.12.14-150100.197.142.1
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * kernel-obs-build-debugsource-4.12.14-150100.197.142.1
    * kernel-default-base-4.12.14-150100.197.142.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.142.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
    * kernel-syms-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    * kernel-source-4.12.14-150100.197.142.1
    * kernel-macros-4.12.14-150100.197.142.1
    * kernel-devel-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * kernel-default-devel-4.12.14-150100.197.142.1
    * kernel-obs-build-4.12.14-150100.197.142.1
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * kernel-obs-build-debugsource-4.12.14-150100.197.142.1
    * kernel-default-base-4.12.14-150100.197.142.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.142.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-4.12.14-150100.197.142.1
    * kernel-syms-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    * kernel-source-4.12.14-150100.197.142.1
    * kernel-macros-4.12.14-150100.197.142.1
    * kernel-devel-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x)
    * kernel-default-man-4.12.14-150100.197.142.1
    * kernel-zfcpdump-debugsource-4.12.14-150100.197.142.1
    * kernel-zfcpdump-debuginfo-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc)
    * kernel-zfcpdump-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * kernel-default-devel-4.12.14-150100.197.142.1
    * kernel-obs-build-4.12.14-150100.197.142.1
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * kernel-obs-build-debugsource-4.12.14-150100.197.142.1
    * kernel-default-base-4.12.14-150100.197.142.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.142.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-4.12.14-150100.197.142.1
    * kernel-syms-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    * kernel-source-4.12.14-150100.197.142.1
    * kernel-macros-4.12.14-150100.197.142.1
    * kernel-devel-4.12.14-150100.197.142.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.142.1
  * SUSE CaaS Platform 4.0 (nosrc x86_64)
    * kernel-default-4.12.14-150100.197.142.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * kernel-default-devel-4.12.14-150100.197.142.1
    * kernel-obs-build-4.12.14-150100.197.142.1
    * kernel-default-debugsource-4.12.14-150100.197.142.1
    * kernel-default-debuginfo-4.12.14-150100.197.142.1
    * kernel-obs-build-debugsource-4.12.14-150100.197.142.1
    * kernel-default-base-4.12.14-150100.197.142.1
    * kernel-default-base-debuginfo-4.12.14-150100.197.142.1
    * kernel-default-devel-debuginfo-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-4.12.14-150100.197.142.1
    * kernel-syms-4.12.14-150100.197.142.1
    * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.142.1
  * SUSE CaaS Platform 4.0 (noarch)
    * kernel-source-4.12.14-150100.197.142.1
    * kernel-macros-4.12.14-150100.197.142.1
    * kernel-devel-4.12.14-150100.197.142.1
  * SUSE CaaS Platform 4.0 (noarch nosrc)
    * kernel-docs-4.12.14-150100.197.142.1

## References:

  * https://www.suse.com/security/cve/CVE-2017-5753.html
  * https://www.suse.com/security/cve/CVE-2021-3923.html
  * https://www.suse.com/security/cve/CVE-2021-4203.html
  * https://www.suse.com/security/cve/CVE-2022-20567.html
  * https://www.suse.com/security/cve/CVE-2023-0590.html
  * https://www.suse.com/security/cve/CVE-2023-1076.html
  * https://www.suse.com/security/cve/CVE-2023-1095.html
  * https://www.suse.com/security/cve/CVE-2023-1281.html
  * https://www.suse.com/security/cve/CVE-2023-1390.html
  * https://www.suse.com/security/cve/CVE-2023-1513.html
  * https://www.suse.com/security/cve/CVE-2023-23454.html
  * https://www.suse.com/security/cve/CVE-2023-23455.html
  * https://www.suse.com/security/cve/CVE-2023-28328.html
  * https://www.suse.com/security/cve/CVE-2023-28464.html
  * https://www.suse.com/security/cve/CVE-2023-28772.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1076830
  * https://bugzilla.suse.com/show_bug.cgi?id=1192273
  * https://bugzilla.suse.com/show_bug.cgi?id=1194535
  * https://bugzilla.suse.com/show_bug.cgi?id=1207036
  * https://bugzilla.suse.com/show_bug.cgi?id=1207125
  * https://bugzilla.suse.com/show_bug.cgi?id=1207168
  * https://bugzilla.suse.com/show_bug.cgi?id=1207795
  * https://bugzilla.suse.com/show_bug.cgi?id=1208179
  * https://bugzilla.suse.com/show_bug.cgi?id=1208599
  * https://bugzilla.suse.com/show_bug.cgi?id=1208777
  * https://bugzilla.suse.com/show_bug.cgi?id=1208811
  * https://bugzilla.suse.com/show_bug.cgi?id=1208850
  * https://bugzilla.suse.com/show_bug.cgi?id=1209008
  * https://bugzilla.suse.com/show_bug.cgi?id=1209052
  * https://bugzilla.suse.com/show_bug.cgi?id=1209256
  * https://bugzilla.suse.com/show_bug.cgi?id=1209289
  * https://bugzilla.suse.com/show_bug.cgi?id=1209291
  * https://bugzilla.suse.com/show_bug.cgi?id=1209532
  * https://bugzilla.suse.com/show_bug.cgi?id=1209547
  * https://bugzilla.suse.com/show_bug.cgi?id=1209549
  * https://bugzilla.suse.com/show_bug.cgi?id=1209634
  * https://bugzilla.suse.com/show_bug.cgi?id=1209778
  * https://bugzilla.suse.com/show_bug.cgi?id=1209845
  * https://bugzilla.suse.com/show_bug.cgi?id=1209887
From sle-updates at lists.suse.com Fri Apr 14 16:30:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:30:54 -0000
Subject: SUSE-SU-2023:1847-1: moderate: Security update for php7
Message-ID: <168148985429.23760.2365167981319894676@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:1847-1
Rating: moderate
References:

  * #1208199
  * #1209537

Cross-References:

  * CVE-2022-4900

CVSS scores:

  * CVE-2022-4900 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP2
  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise High Performance Computing 12 SP4
  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12
  * SUSE Linux Enterprise Server 12 SP1
  * SUSE Linux Enterprise Server 12 SP2
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12
  * SUSE Linux Enterprise Server for SAP Applications 12 SP1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP2
  * SUSE Linux Enterprise Server for SAP Applications 12 SP3
  * SUSE Linux Enterprise Server for SAP Applications 12 SP4
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5
  * Web and Scripting Module 12

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for php7 fixes the following issues:

  * CVE-2022-4900: Fixed potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable. (bsc#1209537)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Web and Scripting Module 12
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-1847=1
  * SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1847=1

## Package List:

  * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
    * php74-debugsource-7.4.33-1.56.1
    * php74-dom-debuginfo-7.4.33-1.56.1
    * php74-openssl-7.4.33-1.56.1
    * php74-pcntl-7.4.33-1.56.1
    * php74-debuginfo-7.4.33-1.56.1
    * php74-odbc-debuginfo-7.4.33-1.56.1
    * php74-posix-7.4.33-1.56.1
    * php74-sysvsem-7.4.33-1.56.1
    * php74-tidy-debuginfo-7.4.33-1.56.1
    * php74-sysvsem-debuginfo-7.4.33-1.56.1
    * php74-enchant-debuginfo-7.4.33-1.56.1
    * php74-bcmath-7.4.33-1.56.1
    * php74-exif-7.4.33-1.56.1
    * php74-dom-7.4.33-1.56.1
    * php74-enchant-7.4.33-1.56.1
    * php74-openssl-debuginfo-7.4.33-1.56.1
    * php74-ctype-7.4.33-1.56.1
    * php74-xmlrpc-debuginfo-7.4.33-1.56.1
    * php74-sysvshm-7.4.33-1.56.1
    * php74-zlib-debuginfo-7.4.33-1.56.1
    * php74-mysql-debuginfo-7.4.33-1.56.1
    * php74-posix-debuginfo-7.4.33-1.56.1
    * php74-gd-debuginfo-7.4.33-1.56.1
    * php74-fpm-7.4.33-1.56.1
    * php74-dba-7.4.33-1.56.1
    * php74-ctype-debuginfo-7.4.33-1.56.1
    * php74-dba-debuginfo-7.4.33-1.56.1
    * php74-pdo-7.4.33-1.56.1
    * php74-ldap-debuginfo-7.4.33-1.56.1
    * php74-xmlreader-debuginfo-7.4.33-1.56.1
    * php74-sockets-7.4.33-1.56.1
    * php74-fastcgi-7.4.33-1.56.1
    * php74-sysvmsg-7.4.33-1.56.1
    * php74-snmp-7.4.33-1.56.1
    * php74-intl-7.4.33-1.56.1
    * php74-fileinfo-debuginfo-7.4.33-1.56.1
    * php74-tokenizer-7.4.33-1.56.1
    * php74-soap-7.4.33-1.56.1
    * php74-zlib-7.4.33-1.56.1
    * php74-json-debuginfo-7.4.33-1.56.1
    * php74-tidy-7.4.33-1.56.1
    * php74-gd-7.4.33-1.56.1
    * php74-xsl-7.4.33-1.56.1
    * php74-fpm-debuginfo-7.4.33-1.56.1
    * php74-pcntl-debuginfo-7.4.33-1.56.1
    * php74-gettext-debuginfo-7.4.33-1.56.1
    * apache2-mod_php74-debuginfo-7.4.33-1.56.1
    * php74-sockets-debuginfo-7.4.33-1.56.1
    * php74-gettext-7.4.33-1.56.1
    * php74-sysvmsg-debuginfo-7.4.33-1.56.1
    * php74-xmlwriter-debuginfo-7.4.33-1.56.1
    * php74-bz2-7.4.33-1.56.1
    * php74-pgsql-debuginfo-7.4.33-1.56.1
    * php74-sodium-debuginfo-7.4.33-1.56.1
    * php74-shmop-7.4.33-1.56.1
    * php74-mysql-7.4.33-1.56.1
    * php74-ldap-7.4.33-1.56.1
    * php74-fileinfo-7.4.33-1.56.1
    * php74-iconv-debuginfo-7.4.33-1.56.1
    * php74-odbc-7.4.33-1.56.1
    * php74-7.4.33-1.56.1
    * php74-sysvshm-debuginfo-7.4.33-1.56.1
    * php74-exif-debuginfo-7.4.33-1.56.1
    * php74-xsl-debuginfo-7.4.33-1.56.1
    * php74-bz2-debuginfo-7.4.33-1.56.1
    * php74-sqlite-7.4.33-1.56.1
    * php74-mbstring-debuginfo-7.4.33-1.56.1
    * php74-readline-7.4.33-1.56.1
    * php74-fastcgi-debuginfo-7.4.33-1.56.1
    * php74-pgsql-7.4.33-1.56.1
    * php74-curl-debuginfo-7.4.33-1.56.1
    * php74-calendar-debuginfo-7.4.33-1.56.1
    * php74-gmp-debuginfo-7.4.33-1.56.1
    * php74-bcmath-debuginfo-7.4.33-1.56.1
    * php74-curl-7.4.33-1.56.1
    * php74-calendar-7.4.33-1.56.1
    * php74-iconv-7.4.33-1.56.1
    * php74-snmp-debuginfo-7.4.33-1.56.1
    * php74-opcache-7.4.33-1.56.1
    * php74-pdo-debuginfo-7.4.33-1.56.1
    * php74-xmlwriter-7.4.33-1.56.1
    * php74-soap-debuginfo-7.4.33-1.56.1
    * php74-tokenizer-debuginfo-7.4.33-1.56.1
    * php74-xmlreader-7.4.33-1.56.1
    * php74-zip-debuginfo-7.4.33-1.56.1
    * apache2-mod_php74-7.4.33-1.56.1
    * php74-phar-7.4.33-1.56.1
    * php74-mbstring-7.4.33-1.56.1
    * php74-shmop-debuginfo-7.4.33-1.56.1
    * php74-readline-debuginfo-7.4.33-1.56.1
    * php74-opcache-debuginfo-7.4.33-1.56.1
    * php74-gmp-7.4.33-1.56.1
    * php74-phar-debuginfo-7.4.33-1.56.1
    * php74-zip-7.4.33-1.56.1
    * php74-intl-debuginfo-7.4.33-1.56.1
    * php74-xmlrpc-7.4.33-1.56.1
    * php74-ftp-7.4.33-1.56.1
    * php74-json-7.4.33-1.56.1
    * php74-ftp-debuginfo-7.4.33-1.56.1
    * php74-sodium-7.4.33-1.56.1
    * php74-sqlite-debuginfo-7.4.33-1.56.1
  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    * php74-debuginfo-7.4.33-1.56.1
    * php74-debugsource-7.4.33-1.56.1
    * php74-devel-7.4.33-1.56.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-4900.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208199
  * https://bugzilla.suse.com/show_bug.cgi?id=1209537

From sle-updates at lists.suse.com Fri Apr 14 16:30:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:30:57 -0000
Subject: SUSE-SU-2023:1846-1: moderate: Security update for php7
Message-ID: <168148985769.23760.14419998620895061445@smelt2.suse.de>

# Security update for php7

Announcement ID: SUSE-SU-2023:1846-1
Rating: moderate
References:

  * #1205162
  * #1208199
  * #1209537

Cross-References:

  * CVE-2022-4900

CVSS scores:

  * CVE-2022-4900 ( SUSE ): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected Products:

  * Legacy Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Package Hub 15 15-SP4

An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for php7 fixes the following issues:

  * CVE-2022-4900: Fixed potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable. (bsc#1209537)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1846=1
  * Legacy Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1846=1
  * SUSE Package Hub 15 15-SP4
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1846=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * php7-phar-7.4.33-150400.4.22.1
    * php7-sysvmsg-debuginfo-7.4.33-150400.4.22.1
    * php7-readline-7.4.33-150400.4.22.1
    * php7-mysql-debuginfo-7.4.33-150400.4.22.1
    * php7-sysvsem-debuginfo-7.4.33-150400.4.22.1
    * php7-opcache-debuginfo-7.4.33-150400.4.22.1
    * php7-enchant-debuginfo-7.4.33-150400.4.22.1
    * php7-sqlite-debuginfo-7.4.33-150400.4.22.1
    * php7-embed-7.4.33-150400.4.22.1
    * php7-ctype-debuginfo-7.4.33-150400.4.22.1
    * php7-mbstring-debuginfo-7.4.33-150400.4.22.1
    * php7-xmlreader-debuginfo-7.4.33-150400.4.22.1
    * php7-gmp-debuginfo-7.4.33-150400.4.22.1
    * php7-dba-debuginfo-7.4.33-150400.4.22.1
    * php7-iconv-debuginfo-7.4.33-150400.4.22.1
    * php7-gettext-debuginfo-7.4.33-150400.4.22.1
    * php7-ftp-debuginfo-7.4.33-150400.4.22.1
    * php7-openssl-debuginfo-7.4.33-150400.4.22.1
    * php7-bz2-debuginfo-7.4.33-150400.4.22.1
    * php7-sockets-debuginfo-7.4.33-150400.4.22.1
    * php7-debugsource-7.4.33-150400.4.22.1
    * php7-snmp-debuginfo-7.4.33-150400.4.22.1
    * php7-iconv-7.4.33-150400.4.22.1
    * php7-ldap-7.4.33-150400.4.22.1
    * php7-cli-debuginfo-7.4.33-150400.4.22.1
    * php7-fastcgi-debugsource-7.4.33-150400.4.22.1
    * php7-devel-7.4.33-150400.4.22.1
    * php7-gd-7.4.33-150400.4.22.1
    * php7-json-debuginfo-7.4.33-150400.4.22.1
    * php7-odbc-debuginfo-7.4.33-150400.4.22.1
    * php7-phar-debuginfo-7.4.33-150400.4.22.1
    * php7-test-7.4.33-150400.4.22.2
    * php7-gettext-7.4.33-150400.4.22.1
    * php7-zlib-7.4.33-150400.4.22.1
    * php7-dba-7.4.33-150400.4.22.1
    * php7-embed-debuginfo-7.4.33-150400.4.22.1
    * apache2-mod_php7-debuginfo-7.4.33-150400.4.22.1
    * php7-tidy-debuginfo-7.4.33-150400.4.22.1
    * php7-embed-debugsource-7.4.33-150400.4.22.1
    * php7-pdo-7.4.33-150400.4.22.1
    * php7-opcache-7.4.33-150400.4.22.1
    * php7-sysvshm-debuginfo-7.4.33-150400.4.22.1
    * php7-openssl-7.4.33-150400.4.22.1
    * php7-shmop-debuginfo-7.4.33-150400.4.22.1
    * apache2-mod_php7-7.4.33-150400.4.22.1
    * php7-exif-debuginfo-7.4.33-150400.4.22.1
    * php7-bcmath-debuginfo-7.4.33-150400.4.22.1
    * php7-ctype-7.4.33-150400.4.22.1
    * php7-tokenizer-debuginfo-7.4.33-150400.4.22.1
    * php7-enchant-7.4.33-150400.4.22.1
    * php7-dom-7.4.33-150400.4.22.1
    * php7-odbc-7.4.33-150400.4.22.1
    * php7-sysvshm-7.4.33-150400.4.22.1
    * php7-pcntl-7.4.33-150400.4.22.1
    * php7-pdo-debuginfo-7.4.33-150400.4.22.1
    * php7-pgsql-debuginfo-7.4.33-150400.4.22.1
    * php7-fpm-debugsource-7.4.33-150400.4.22.1
    * php7-calendar-debuginfo-7.4.33-150400.4.22.1
    * php7-calendar-7.4.33-150400.4.22.1
    * php7-xmlreader-7.4.33-150400.4.22.1
    * php7-readline-debuginfo-7.4.33-150400.4.22.1
    * php7-mbstring-7.4.33-150400.4.22.1
    * php7-posix-7.4.33-150400.4.22.1
    * php7-debuginfo-7.4.33-150400.4.22.1
    * php7-dom-debuginfo-7.4.33-150400.4.22.1
    * php7-mysql-7.4.33-150400.4.22.1
    * php7-fastcgi-7.4.33-150400.4.22.1
    * php7-xmlwriter-debuginfo-7.4.33-150400.4.22.1
    * php7-bz2-7.4.33-150400.4.22.1
    * php7-fpm-7.4.33-150400.4.22.1
    * php7-snmp-7.4.33-150400.4.22.1
    * php7-cli-7.4.33-150400.4.22.1
    * php7-soap-debuginfo-7.4.33-150400.4.22.1
    * php7-xsl-debuginfo-7.4.33-150400.4.22.1
    * php7-tokenizer-7.4.33-150400.4.22.1
    * php7-exif-7.4.33-150400.4.22.1
    * php7-sodium-7.4.33-150400.4.22.1
    * php7-fpm-debuginfo-7.4.33-150400.4.22.1
    * php7-sockets-7.4.33-150400.4.22.1
    * php7-intl-debuginfo-7.4.33-150400.4.22.1
    * php7-gd-debuginfo-7.4.33-150400.4.22.1
    * php7-intl-7.4.33-150400.4.22.1
    * php7-gmp-7.4.33-150400.4.22.1
    * apache2-mod_php7-debugsource-7.4.33-150400.4.22.1
    * php7-shmop-7.4.33-150400.4.22.1
    * php7-curl-7.4.33-150400.4.22.1
    * php7-fileinfo-debuginfo-7.4.33-150400.4.22.1
    * php7-zip-7.4.33-150400.4.22.1
    * php7-7.4.33-150400.4.22.1
    * php7-sodium-debuginfo-7.4.33-150400.4.22.1
    * php7-fileinfo-7.4.33-150400.4.22.1
    * php7-sqlite-7.4.33-150400.4.22.1
    * php7-xmlrpc-7.4.33-150400.4.22.1
    * php7-xmlwriter-7.4.33-150400.4.22.1
    * php7-curl-debuginfo-7.4.33-150400.4.22.1
    * php7-fastcgi-debuginfo-7.4.33-150400.4.22.1
    * php7-pcntl-debuginfo-7.4.33-150400.4.22.1
    * php7-ftp-7.4.33-150400.4.22.1
    * php7-xmlrpc-debuginfo-7.4.33-150400.4.22.1
    * php7-soap-7.4.33-150400.4.22.1
    * php7-tidy-7.4.33-150400.4.22.1
    * php7-json-7.4.33-150400.4.22.1
    * php7-pgsql-7.4.33-150400.4.22.1
    * php7-sysvsem-7.4.33-150400.4.22.1
    * php7-xsl-7.4.33-150400.4.22.1
    * php7-sysvmsg-7.4.33-150400.4.22.1
    * php7-zip-debuginfo-7.4.33-150400.4.22.1
    * php7-ldap-debuginfo-7.4.33-150400.4.22.1
    * php7-zlib-debuginfo-7.4.33-150400.4.22.1
    * php7-posix-debuginfo-7.4.33-150400.4.22.1
    * php7-bcmath-7.4.33-150400.4.22.1
  * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * php7-phar-7.4.33-150400.4.22.1
    * php7-sysvmsg-debuginfo-7.4.33-150400.4.22.1
    * php7-readline-7.4.33-150400.4.22.1
    * php7-mysql-debuginfo-7.4.33-150400.4.22.1
    * php7-sysvsem-debuginfo-7.4.33-150400.4.22.1
    * php7-opcache-debuginfo-7.4.33-150400.4.22.1
    * php7-enchant-debuginfo-7.4.33-150400.4.22.1
    * php7-sqlite-debuginfo-7.4.33-150400.4.22.1
    * php7-ctype-debuginfo-7.4.33-150400.4.22.1
    * php7-mbstring-debuginfo-7.4.33-150400.4.22.1
    * php7-xmlreader-debuginfo-7.4.33-150400.4.22.1
    * php7-gmp-debuginfo-7.4.33-150400.4.22.1
    * php7-dba-debuginfo-7.4.33-150400.4.22.1
    * php7-iconv-debuginfo-7.4.33-150400.4.22.1
    * php7-gettext-debuginfo-7.4.33-150400.4.22.1
    * php7-ftp-debuginfo-7.4.33-150400.4.22.1
    * php7-openssl-debuginfo-7.4.33-150400.4.22.1
    * php7-bz2-debuginfo-7.4.33-150400.4.22.1
    * php7-sockets-debuginfo-7.4.33-150400.4.22.1
    * php7-debugsource-7.4.33-150400.4.22.1
    * php7-snmp-debuginfo-7.4.33-150400.4.22.1
    * php7-iconv-7.4.33-150400.4.22.1
    * php7-ldap-7.4.33-150400.4.22.1
    * php7-cli-debuginfo-7.4.33-150400.4.22.1
    * php7-fastcgi-debugsource-7.4.33-150400.4.22.1
    * php7-devel-7.4.33-150400.4.22.1
    * php7-gd-7.4.33-150400.4.22.1
    * php7-json-debuginfo-7.4.33-150400.4.22.1
    * php7-odbc-debuginfo-7.4.33-150400.4.22.1
    * php7-phar-debuginfo-7.4.33-150400.4.22.1
    * php7-gettext-7.4.33-150400.4.22.1
    * php7-zlib-7.4.33-150400.4.22.1
    * php7-dba-7.4.33-150400.4.22.1
    * apache2-mod_php7-debuginfo-7.4.33-150400.4.22.1
    * php7-tidy-debuginfo-7.4.33-150400.4.22.1
    * php7-pdo-7.4.33-150400.4.22.1
    * php7-opcache-7.4.33-150400.4.22.1
    * php7-sysvshm-debuginfo-7.4.33-150400.4.22.1
    * php7-openssl-7.4.33-150400.4.22.1
    * php7-shmop-debuginfo-7.4.33-150400.4.22.1
    * apache2-mod_php7-7.4.33-150400.4.22.1
    * php7-exif-debuginfo-7.4.33-150400.4.22.1
    * php7-bcmath-debuginfo-7.4.33-150400.4.22.1
    * php7-ctype-7.4.33-150400.4.22.1
    * php7-tokenizer-debuginfo-7.4.33-150400.4.22.1
    * php7-enchant-7.4.33-150400.4.22.1
    * php7-dom-7.4.33-150400.4.22.1
    * php7-odbc-7.4.33-150400.4.22.1
    * php7-sysvshm-7.4.33-150400.4.22.1
    * php7-pcntl-7.4.33-150400.4.22.1
    * php7-pdo-debuginfo-7.4.33-150400.4.22.1
    * php7-pgsql-debuginfo-7.4.33-150400.4.22.1
    * php7-fpm-debugsource-7.4.33-150400.4.22.1
    * php7-calendar-debuginfo-7.4.33-150400.4.22.1
    * php7-calendar-7.4.33-150400.4.22.1
    * php7-xmlreader-7.4.33-150400.4.22.1
    * php7-readline-debuginfo-7.4.33-150400.4.22.1
    * php7-mbstring-7.4.33-150400.4.22.1
    * php7-posix-7.4.33-150400.4.22.1
    * php7-debuginfo-7.4.33-150400.4.22.1
    * php7-dom-debuginfo-7.4.33-150400.4.22.1
    * php7-mysql-7.4.33-150400.4.22.1
    * php7-fastcgi-7.4.33-150400.4.22.1
    * php7-xmlwriter-debuginfo-7.4.33-150400.4.22.1
    * php7-bz2-7.4.33-150400.4.22.1
    * php7-fpm-7.4.33-150400.4.22.1
    * php7-snmp-7.4.33-150400.4.22.1
    * php7-cli-7.4.33-150400.4.22.1
    * php7-soap-debuginfo-7.4.33-150400.4.22.1
    * php7-xsl-debuginfo-7.4.33-150400.4.22.1
    * php7-tokenizer-7.4.33-150400.4.22.1
    * php7-exif-7.4.33-150400.4.22.1
    * php7-sodium-7.4.33-150400.4.22.1
    * php7-fpm-debuginfo-7.4.33-150400.4.22.1
    * php7-sockets-7.4.33-150400.4.22.1
    * php7-intl-debuginfo-7.4.33-150400.4.22.1
    * php7-gd-debuginfo-7.4.33-150400.4.22.1
    * php7-intl-7.4.33-150400.4.22.1
    * php7-gmp-7.4.33-150400.4.22.1
    * apache2-mod_php7-debugsource-7.4.33-150400.4.22.1
    * php7-shmop-7.4.33-150400.4.22.1
    * php7-curl-7.4.33-150400.4.22.1
    * php7-fileinfo-debuginfo-7.4.33-150400.4.22.1
    * php7-zip-7.4.33-150400.4.22.1
    * php7-7.4.33-150400.4.22.1
    * php7-sodium-debuginfo-7.4.33-150400.4.22.1
    * php7-fileinfo-7.4.33-150400.4.22.1
    * php7-sqlite-7.4.33-150400.4.22.1
    * php7-xmlrpc-7.4.33-150400.4.22.1
    * php7-xmlwriter-7.4.33-150400.4.22.1
    * php7-curl-debuginfo-7.4.33-150400.4.22.1
    * php7-fastcgi-debuginfo-7.4.33-150400.4.22.1
    * php7-pcntl-debuginfo-7.4.33-150400.4.22.1
    * php7-ftp-7.4.33-150400.4.22.1
    * php7-xmlrpc-debuginfo-7.4.33-150400.4.22.1
    * php7-soap-7.4.33-150400.4.22.1
    * php7-tidy-7.4.33-150400.4.22.1
    * php7-json-7.4.33-150400.4.22.1
    * php7-pgsql-7.4.33-150400.4.22.1
    * php7-sysvsem-7.4.33-150400.4.22.1
    * php7-xsl-7.4.33-150400.4.22.1
    * php7-sysvmsg-7.4.33-150400.4.22.1
    * php7-zip-debuginfo-7.4.33-150400.4.22.1
    * php7-ldap-debuginfo-7.4.33-150400.4.22.1
    * php7-zlib-debuginfo-7.4.33-150400.4.22.1
    * php7-posix-debuginfo-7.4.33-150400.4.22.1
    * php7-bcmath-7.4.33-150400.4.22.1
  * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
    * php7-embed-7.4.33-150400.4.22.1
    * php7-embed-debugsource-7.4.33-150400.4.22.1
    * php7-embed-debuginfo-7.4.33-150400.4.22.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-4900.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1205162
  * https://bugzilla.suse.com/show_bug.cgi?id=1208199
  * https://bugzilla.suse.com/show_bug.cgi?id=1209537
From sle-updates at lists.suse.com Fri Apr 14 16:31:00 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:31:00 -0000
Subject: SUSE-SU-2023:1844-1: moderate: Security update for aws-nitro-enclaves-cli
Message-ID: <168148986042.23760.5385149657122958523@smelt2.suse.de>

# Security update for aws-nitro-enclaves-cli

Announcement ID: SUSE-SU-2023:1844-1
Rating: moderate
References:

  * #1196972
  * #1208555

Cross-References:

  * CVE-2022-24713
  * CVE-2022-31394

CVSS scores:

  * CVE-2022-24713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2022-24713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-31394 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2022-31394 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.4
  * Public Cloud Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for aws-nitro-enclaves-cli fixes the following issues:

Update aws-nitro-enclaves-cli to version 1.2.2~git0.4ccc639:

  * CVE-2022-31394: Fixed DoS vulnerability in hyper crate (bsc#1208555).

Update aws-nitro-enclaves-cli to version 1.2.0~git2.841ef94:

  * CVE-2022-24713: Fixed ReDoS vulnerability in regex crate (bsc#1196972).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1844=1
  * Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1844=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 x86_64)
    * aws-nitro-enclaves-binaryblobs-upstream-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-1.2.2~git0.4ccc639-150400.3.3.1
    * system-group-ne-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-debugsource-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-binaryblobs-upstream-debuginfo-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-debuginfo-1.2.2~git0.4ccc639-150400.3.3.1
  * Public Cloud Module 15-SP4 (aarch64 x86_64)
    * aws-nitro-enclaves-binaryblobs-upstream-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-1.2.2~git0.4ccc639-150400.3.3.1
    * system-group-ne-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-debugsource-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-binaryblobs-upstream-debuginfo-1.2.2~git0.4ccc639-150400.3.3.1
    * aws-nitro-enclaves-cli-debuginfo-1.2.2~git0.4ccc639-150400.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-24713.html
  * https://www.suse.com/security/cve/CVE-2022-31394.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1196972
  * https://bugzilla.suse.com/show_bug.cgi?id=1208555
From sle-updates at lists.suse.com Fri Apr 14 16:31:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:31:05 -0000
Subject: SUSE-RU-2023:1842-1: important: Recommended update for crmsh
Message-ID: <168148986531.23760.10093184656711094616@smelt2.suse.de>

# Recommended update for crmsh

Announcement ID: SUSE-RU-2023:1842-1
Rating: important
References:

  * #1202177
  * #1206606
  * #1208327
  * #1208934
  * #1208936
  * #1209986

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has six recommended fixes can now be installed.

## Description:

This update for crmsh fixes the following issues:

  * Check for passwordless SSH between cluster nodes (bsc#1209986)
  * Fix automatic upgrade to execute quietly and non-interactively (bsc#1208327, bsc#1208934)
  * Fix automatic upgrade not to run when crmsh is called by a non-root user (bsc#1208936)
  * Fix `crm cluster start` to wait till all nodes have joined the cluster before starting any resource or fencing systems (bsc#1202177)
  * Fix crm report to catch read exception and give an error message (bsc#1206606)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1842=1
  * SUSE Linux Enterprise High Availability Extension 15 SP4
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1842=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * crmsh-test-4.4.1+20230329.13f2537f-150400.3.17.1
    * crmsh-scripts-4.4.1+20230329.13f2537f-150400.3.17.1
    * crmsh-4.4.1+20230329.13f2537f-150400.3.17.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
    * crmsh-scripts-4.4.1+20230329.13f2537f-150400.3.17.1
    * crmsh-4.4.1+20230329.13f2537f-150400.3.17.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1202177
  * https://bugzilla.suse.com/show_bug.cgi?id=1206606
  * https://bugzilla.suse.com/show_bug.cgi?id=1208327
  * https://bugzilla.suse.com/show_bug.cgi?id=1208934
  * https://bugzilla.suse.com/show_bug.cgi?id=1208936
  * https://bugzilla.suse.com/show_bug.cgi?id=1209986

From sle-updates at lists.suse.com Fri Apr 14 16:31:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:31:01 -0000
Subject: SUSE-RU-2023:1843-1: important: Recommended update for installation-images
Message-ID: <168148986194.23760.7783183369337540321@smelt2.suse.de>

# Recommended update for installation-images

Announcement ID: SUSE-RU-2023:1843-1
Rating: important
References:

  * #1208981

Affected Products:

  * Basesystem Module 15-SP4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.
## Description:

This update for installation-images fixes the following issues:

  * Include openssl hmac for SUSE Linux Enterprise Micro (bsc#1208981)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1843=1

## Package List:

  * Basesystem Module 15-SP4 (noarch)
    * tftpboot-installation-SLE-15-SP4-s390x-16.57.26-150400.3.9.4
    * tftpboot-installation-SLE-15-SP4-ppc64le-16.57.26-150400.3.9.4
    * tftpboot-installation-SLE-15-SP4-aarch64-16.57.26-150400.3.9.4
    * tftpboot-installation-SLE-15-SP4-x86_64-16.57.26-150400.3.9.4

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1208981

From sle-updates at lists.suse.com Fri Apr 14 16:31:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Apr 2023 16:31:07 -0000
Subject: SUSE-RU-2023:1841-1: important: Recommended update for drbd-utils
Message-ID: <168148986708.23760.8940232746384767897@smelt2.suse.de>

# Recommended update for drbd-utils

Announcement ID: SUSE-RU-2023:1841-1
Rating: important
References:

  * #1208922

Affected Products:

  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3
  * SUSE Manager Server 4.3 Module 4.3

An update that has one recommended fix can now be installed.
## Description:

This update for drbd-utils fixes the following issues:

  * Fix file conflict with `/lib/drbd` when migrating from SUSE Linux Enterprise 15 Service Pack 3 to Service Pack 4 (bsc#1208922)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1841=1
  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1841=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1841=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1841=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1841=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1841=1
  * SUSE Manager Server 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-1841=1
  * SUSE Linux Enterprise High Availability Extension 15 SP4
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1841=1

## Package List:

  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
    * drbd-utils-debugsource-9.19.0-150400.3.14.1
    * drbd-utils-debuginfo-9.19.0-150400.3.14.1
    * drbd-utils-9.19.0-150400.3.14.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1208922

From sle-updates at lists.suse.com Sat Apr 15 07:05:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:05:24 +0200 (CEST)
Subject: SUSE-CU-2023:1132-1: Security update of suse/sle15
Message-ID: <20230415070524.C1B41F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1132-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.754
Container Release     : 6.2.754
Severity              : important
Type                  : security
References            :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released:    Fri Apr 14 15:08:38 2023
Summary:     Security update for container-suseconnect
Type:        security
Severity:    important
References:

This update for container-suseconnect fixes the following issue:

- rebuilt against current go version.
The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.26.1 updated

From sle-updates at lists.suse.com Sat Apr 15 07:07:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:07:33 +0200 (CEST)
Subject: SUSE-CU-2023:1133-1: Security update of suse/sle15
Message-ID: <20230415070733.2F4BDF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1133-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.284
Container Release : 9.5.284
Severity : important
Type : security
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released: Fri Apr 14 15:08:38 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References:

This update for container-suseconnect fixes the following issue:

- rebuilt against current go version.

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.26.1 updated

From sle-updates at lists.suse.com Sat Apr 15 07:09:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:09:13 +0200 (CEST)
Subject: SUSE-CU-2023:1134-1: Security update of suse/sle15
Message-ID: <20230415070913.DD3FCF36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1134-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.123 , suse/sle15:15.3 , suse/sle15:15.3.17.20.123
Container Release : 17.20.123
Severity : important
Type : security
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released: Fri Apr 14 15:08:38 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References:

This update for container-suseconnect fixes the following issue:

- rebuilt against current go version.

The following package changes have been done:

- container-suseconnect-2.4.0-150000.4.26.1 updated

From sle-updates at lists.suse.com Sat Apr 15 07:16:17 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:16:17 +0200 (CEST)
Subject: SUSE-CU-2023:1147-1: Security update of bci/openjdk-devel
Message-ID: <20230415071617.D80B4F36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1147-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.54
Container Release : 39.54
Severity : important
Type : security
References : 1207922 CVE-2023-25193
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1852-1
Released: Fri Apr 14 15:09:39 2023
Summary: Security update for harfbuzz
Type: security
Severity: important
References: 1207922,CVE-2023-25193

This update for harfbuzz fixes the following issues:

- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).

The following package changes have been done:

- libharfbuzz0-3.4.0-150400.3.6.1 updated
- container:bci-openjdk-11-15.4.11-35.27 updated

From sle-updates at lists.suse.com Sat Apr 15 07:17:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:17:04 +0200 (CEST)
Subject: SUSE-CU-2023:1148-1: Security update of bci/openjdk
Message-ID: <20230415071704.84ADAF36E@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1148-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-35.27
Container Release : 35.27
Severity : important
Type : security
References : 1207922 CVE-2023-25193
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1852-1
Released: Fri Apr 14 15:09:39 2023
Summary: Security update for harfbuzz
Type: security
Severity: important
References: 1207922,CVE-2023-25193

This update for harfbuzz fixes the following issues:

- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).

The following package changes have been done:

- libharfbuzz0-3.4.0-150400.3.6.1 updated
- container:sles15-image-15.0.0-27.14.51 updated

From sle-updates at lists.suse.com Sat Apr 15 07:21:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 15 Apr 2023 09:21:20 +0200 (CEST)
Subject: SUSE-CU-2023:1159-1: Security update of suse/sle15
Message-ID: <20230415072120.A6A01F36E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1159-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.51 , suse/sle15:15.4 , suse/sle15:15.4.27.14.51
Container Release : 27.14.51
Severity : important
Type : security
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1851-1
Released: Fri Apr 14 15:08:38 2023
Summary: Security update for container-suseconnect
Type: security
Severity: important
References:

This update for container-suseconnect fixes the following issue:

- rebuilt against current go version.

The following package changes have been done: - container-suseconnect-2.4.0-150000.4.26.1 updated From sle-updates at lists.suse.com Mon Apr 17 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Apr 2023 16:30:01 -0000 Subject: SUSE-SU-2023:1871-1: important: Security update for nodejs10 Message-ID: <168174900180.11680.9794669380052455774@smelt2.suse.de> # Security update for nodejs10 Announcement ID: SUSE-SU-2023:1871-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs10 fixes the following issues: * CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1871=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1871=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1871=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1871=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1871=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1871=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1871=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1871=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * openSUSE Leap 15.4 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 
* nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE Enterprise Storage 7 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 * SUSE CaaS Platform 4.0 (x86_64) * npm10-10.24.1-150000.1.59.1 * nodejs10-debuginfo-10.24.1-150000.1.59.1 * nodejs10-debugsource-10.24.1-150000.1.59.1 * nodejs10-10.24.1-150000.1.59.1 * nodejs10-devel-10.24.1-150000.1.59.1 * SUSE CaaS Platform 4.0 (noarch) * nodejs10-docs-10.24.1-150000.1.59.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Mon Apr 17 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Apr 2023 16:30:03 -0000
Subject: SUSE-SU-2023:1869-1: moderate: Security update for rubygem-rack
Message-ID: <168174900358.11680.8807435671042691336@smelt2.suse.de>

# Security update for rubygem-rack

Announcement ID: SUSE-SU-2023:1869-1
Rating: moderate
References:

  * #1209503

Cross-References:

  * CVE-2023-27539

CVSS scores:

  * CVE-2023-27539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP3
  * SUSE Linux Enterprise Server 12 SP3
  * SUSE Linux Enterprise Server 12 SP4
  * SUSE OpenStack Cloud Crowbar 8
  * SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for rubygem-rack fixes the following issues:

  * CVE-2023-27539: Fixed denial of service in header parsing (bsc#1209503).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE OpenStack Cloud Crowbar 8
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-1869=1
  * SUSE OpenStack Cloud Crowbar 9
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1869=1

## Package List:

  * SUSE OpenStack Cloud Crowbar 8 (x86_64)
    * ruby2.1-rubygem-rack-1.6.13-3.19.1
  * SUSE OpenStack Cloud Crowbar 9 (x86_64)
    * ruby2.1-rubygem-rack-1.6.13-3.19.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-27539.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209503

From sle-updates at lists.suse.com Mon Apr 17 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Apr 2023 16:30:05 -0000
Subject: SUSE-RU-2023:1868-1: moderate: Recommended update for polkit-default-privs
Message-ID: <168174900554.11680.13799187064961801319@smelt2.suse.de>

# Recommended update for polkit-default-privs

Announcement ID: SUSE-RU-2023:1868-1
Rating: moderate
References:

  * #1209378

Affected Products:

  * Basesystem Module 15-SP4
  * Development Tools Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for polkit-default-privs fixes the following issues:

  * backport of kinfocenter5 whitelisting (bsc#1209378)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1868=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1868=1
  * Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1868=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * polkit-default-privs-13.2+20230317.d2bceab-150400.3.6.1
    * polkit-whitelisting-13.2+20230317.d2bceab-150400.3.6.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * rpmlint-mini-1.10-150400.23.8.1
  * Basesystem Module 15-SP4 (noarch)
    * polkit-default-privs-13.2+20230317.d2bceab-150400.3.6.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * rpmlint-mini-debuginfo-1.10-150400.23.8.1
    * rpmlint-mini-debugsource-1.10-150400.23.8.1
    * rpmlint-mini-1.10-150400.23.8.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1209378

URL: From sle-updates at lists.suse.com Mon Apr 17 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Apr 2023 16:30:07 -0000 Subject: SUSE-SU-2023:1867-1: important: Security update for gradle Message-ID: <168174900736.11680.9876560850859642423@smelt2.suse.de> # Security update for gradle Announcement ID: SUSE-SU-2023:1867-1 Rating: important References: * #1184807 Cross-References: * CVE-2021-29428 CVSS scores: * CVE-2021-29428 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2021-29428 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for gradle fixes the following issues: * CVE-2021-29428: Fixed a local privilege escalation through system temporary directory. 
(bsc#1184807) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1867=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1867=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1867=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1867=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1867=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1867=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1867=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1867=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1867=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1867=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1867=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1867=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.7.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 
(aarch64 x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * gradle-4.4.1-150200.3.7.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * gradle-4.4.1-150200.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2021-29428.html * https://bugzilla.suse.com/show_bug.cgi?id=1184807 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 17 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Apr 2023 20:30:03 -0000 Subject: SUSE-SU-2023:1872-1: important: Security update for nodejs14 Message-ID: <168176340319.32346.12274355646683056383@smelt2.suse.de> # Security update for nodejs14 Announcement ID: SUSE-SU-2023:1872-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE 
Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs14 fixes the following issues: * CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-1872=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs14-debugsource-14.21.3-6.43.1 * npm14-14.21.3-6.43.1 * nodejs14-debuginfo-14.21.3-6.43.1 * nodejs14-devel-14.21.3-6.43.1 * nodejs14-14.21.3-6.43.1 * Web and Scripting Module 12 (noarch) * nodejs14-docs-14.21.3-6.43.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 18 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 08:30:02 -0000 Subject: SUSE-SU-2023:1877-1: important: Security update for pgadmin4 Message-ID: <168180660285.4625.16106969412523867400@smelt2.suse.de> # Security update for pgadmin4 Announcement ID: SUSE-SU-2023:1877-1 Rating: important References: * #1207464 Cross-References: * CVE-2023-0241 CVSS scores: * CVE-2023-0241 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0241 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for pgadmin4 fixes the following issues: * CVE-2023-0241: Fixed a directory traversal vulnerability (bsc#1207464). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1877=1
  * Server Applications Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1877=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1877=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1877=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1877=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1877=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1877=1
  * SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1877=1
  * SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1877=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1877=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-1877=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * openSUSE Leap 15.4 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
    * pgadmin4-web-uwsgi-4.30-150300.3.9.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * Server Applications Module 15-SP4 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Manager Proxy 4.2 (x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Manager Proxy 4.2 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Manager Retail Branch Server 4.2 (x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Manager Retail Branch Server 4.2 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Manager Server 4.2 (ppc64le s390x x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Manager Server 4.2 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * pgadmin4-4.30-150300.3.9.1
    * pgadmin4-debuginfo-4.30-150300.3.9.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * pgadmin4-doc-4.30-150300.3.9.1
    * pgadmin4-web-4.30-150300.3.9.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0241.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207464

From sle-updates at lists.suse.com Tue Apr 18 08:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 08:30:04 -0000
Subject: SUSE-SU-2023:1876-1: important: Security update for nodejs12
Message-ID: <168180660480.4625.1940833278829064443@smelt2.suse.de>

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:1876-1
Rating: important
References:

  * #1208744

Cross-References:

  * CVE-2022-25881

CVSS scores:

  * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Manager Server 4.2

An update that solves one vulnerability can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

  * CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1876=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1876=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1876=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1876=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1876=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1876=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1876=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1876=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1876=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1876=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1876=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * openSUSE Leap 15.4 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux 
Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs12-12.22.12-150200.4.47.1 * 
nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Manager Server 4.2 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nodejs12-12.22.12-150200.4.47.1 * nodejs12-debuginfo-12.22.12-150200.4.47.1 * npm12-12.22.12-150200.4.47.1 * nodejs12-debugsource-12.22.12-150200.4.47.1 * nodejs12-devel-12.22.12-150200.4.47.1 * SUSE Enterprise Storage 7 (noarch) * nodejs12-docs-12.22.12-150200.4.47.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744
From sle-updates at lists.suse.com Tue Apr 18 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 08:30:06 -0000 Subject: SUSE-SU-2023:1875-1: important: Security update for nodejs14 Message-ID: <168180660673.4625.11169355165312535923@smelt2.suse.de> # Security update for nodejs14 Announcement ID: SUSE-SU-2023:1875-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs14 fixes the following issues: * CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1875=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1875=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1875=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1875=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1875=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1875=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1875=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1875=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1875=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1875=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1875=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * corepack14-14.21.3-150200.15.46.1 * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * openSUSE Leap 15.4 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * 
nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 
(ppc64le x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Manager Server 4.2 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * nodejs14-debuginfo-14.21.3-150200.15.46.1 * npm14-14.21.3-150200.15.46.1 * nodejs14-debugsource-14.21.3-150200.15.46.1 * nodejs14-14.21.3-150200.15.46.1 * nodejs14-devel-14.21.3-150200.15.46.1 * SUSE Enterprise Storage 7 (noarch) * nodejs14-docs-14.21.3-150200.15.46.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744
From sle-updates at lists.suse.com Tue Apr 18 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 08:30:08 -0000 Subject: SUSE-SU-2023:1874-1: important: Security update for wayland Message-ID: <168180660879.4625.2497569305973677921@smelt2.suse.de> # Security update for wayland Announcement ID: SUSE-SU-2023:1874-1 Rating: important References: * #1190486 Cross-References: * CVE-2021-3782 CVSS scores: * CVE-2021-3782 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3782 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for wayland fixes the following issues: * CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1874=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1874=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1874=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libwayland-egl1-99~1.16.0-150100.7.3.1 * libwayland-server0-1.16.0-150100.7.3.1 * libwayland-cursor0-1.16.0-150100.7.3.1 * wayland-debugsource-1.16.0-150100.7.3.1 * wayland-devel-debuginfo-1.16.0-150100.7.3.1 * wayland-devel-1.16.0-150100.7.3.1 * libwayland-client0-debuginfo-1.16.0-150100.7.3.1 * libwayland-egl1-debuginfo-99~1.16.0-150100.7.3.1 * libwayland-server0-debuginfo-1.16.0-150100.7.3.1 * libwayland-client0-1.16.0-150100.7.3.1 * libwayland-cursor0-debuginfo-1.16.0-150100.7.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libwayland-server0-32bit-debuginfo-1.16.0-150100.7.3.1 * libwayland-server0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-debuginfo-1.16.0-150100.7.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libwayland-egl1-99~1.16.0-150100.7.3.1 * libwayland-server0-1.16.0-150100.7.3.1 * libwayland-cursor0-1.16.0-150100.7.3.1 * wayland-debugsource-1.16.0-150100.7.3.1 * wayland-devel-debuginfo-1.16.0-150100.7.3.1 * wayland-devel-1.16.0-150100.7.3.1 * libwayland-client0-debuginfo-1.16.0-150100.7.3.1 * libwayland-egl1-debuginfo-99~1.16.0-150100.7.3.1 * libwayland-server0-debuginfo-1.16.0-150100.7.3.1 * libwayland-client0-1.16.0-150100.7.3.1 * libwayland-cursor0-debuginfo-1.16.0-150100.7.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libwayland-server0-32bit-debuginfo-1.16.0-150100.7.3.1 * libwayland-server0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-debuginfo-1.16.0-150100.7.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libwayland-egl1-99~1.16.0-150100.7.3.1 * libwayland-server0-1.16.0-150100.7.3.1 * libwayland-cursor0-1.16.0-150100.7.3.1 * wayland-debugsource-1.16.0-150100.7.3.1 * 
wayland-devel-debuginfo-1.16.0-150100.7.3.1 * wayland-devel-1.16.0-150100.7.3.1 * libwayland-client0-debuginfo-1.16.0-150100.7.3.1 * libwayland-egl1-debuginfo-99~1.16.0-150100.7.3.1 * libwayland-server0-debuginfo-1.16.0-150100.7.3.1 * libwayland-client0-1.16.0-150100.7.3.1 * libwayland-cursor0-debuginfo-1.16.0-150100.7.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libwayland-server0-32bit-debuginfo-1.16.0-150100.7.3.1 * libwayland-server0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-debuginfo-1.16.0-150100.7.3.1 * SUSE CaaS Platform 4.0 (x86_64) * libwayland-egl1-99~1.16.0-150100.7.3.1 * libwayland-server0-1.16.0-150100.7.3.1 * libwayland-cursor0-1.16.0-150100.7.3.1 * libwayland-client0-32bit-1.16.0-150100.7.3.1 * wayland-debugsource-1.16.0-150100.7.3.1 * wayland-devel-debuginfo-1.16.0-150100.7.3.1 * libwayland-server0-debuginfo-1.16.0-150100.7.3.1 * wayland-devel-1.16.0-150100.7.3.1 * libwayland-client0-debuginfo-1.16.0-150100.7.3.1 * libwayland-cursor0-debuginfo-1.16.0-150100.7.3.1 * libwayland-egl1-debuginfo-99~1.16.0-150100.7.3.1 * libwayland-server0-32bit-debuginfo-1.16.0-150100.7.3.1 * libwayland-server0-32bit-1.16.0-150100.7.3.1 * libwayland-client0-32bit-debuginfo-1.16.0-150100.7.3.1 * libwayland-client0-1.16.0-150100.7.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3782.html * https://bugzilla.suse.com/show_bug.cgi?id=1190486
From sle-updates at lists.suse.com Tue Apr 18 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 08:30:11 -0000 Subject: SUSE-SU-2023:1873-1: important: Security update for wayland Message-ID: <168180661194.4625.6781958151780657491@smelt2.suse.de> # Security update for wayland Announcement ID: SUSE-SU-2023:1873-1 Rating: important References: * #1190486 Cross-References: * CVE-2021-3782 CVSS scores: * CVE-2021-3782 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3782 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for wayland fixes the following issues: * CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1873=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1873=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1873=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1873=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1873=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1873=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1873=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1873=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1873=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1873=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1873=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1873=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1873=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1873=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1873=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * 
wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * 
libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) 
* libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * 
wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x 
x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Manager Server 4.2 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Enterprise Storage 7.1 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * wayland-devel-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * wayland-devel-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * 
libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Enterprise Storage 7 (x86_64) * libwayland-client0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-client0-32bit-1.18.0-150200.3.3.1 * libwayland-server0-32bit-debuginfo-1.18.0-150200.3.3.1 * libwayland-server0-32bit-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libwayland-cursor0-1.18.0-150200.3.3.1 * libwayland-egl1-99~1.18.0-150200.3.3.1 * libwayland-server0-1.18.0-150200.3.3.1 * libwayland-client0-1.18.0-150200.3.3.1 * libwayland-client0-debuginfo-1.18.0-150200.3.3.1 * wayland-debugsource-1.18.0-150200.3.3.1 * libwayland-server0-debuginfo-1.18.0-150200.3.3.1 * libwayland-egl1-debuginfo-99~1.18.0-150200.3.3.1 * libwayland-cursor0-debuginfo-1.18.0-150200.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3782.html * https://bugzilla.suse.com/show_bug.cgi?id=1190486
From sle-updates at lists.suse.com Tue Apr 18 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:30:22 -0000 Subject: SUSE-SU-2023:1897-1: important: Security update for the Linux Kernel Message-ID: <168182102259.13690.8813697368582078069@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:1897-1 Rating: important References: * #1065729 * #1109158 * #1189998 * #1193629 * #1194869 * #1203200 * #1206552 * #1207168 * #1207185 * #1207574 * #1208602 * #1208815 * #1208829 * #1208902 * #1209052 * #1209118 * #1209256 * #1209290 * #1209292 * #1209366 * #1209532 * #1209547 * #1209556 * #1209572 * #1209600 * #1209634 * #1209635 * #1209636 * #1209681 * #1209684 * #1209687 * #1209779 * #1209788 * #1209798 * #1209799 * #1209804 * #1209805 * #1210050 * #1210203 Cross-References: * CVE-2017-5753 * CVE-2022-4744 * CVE-2023-0394 * CVE-2023-1281 * CVE-2023-1513 * CVE-2023-1582 * CVE-2023-1611 * CVE-2023-1637 * CVE-2023-1652 * CVE-2023-1838 * CVE-2023-23001 * CVE-2023-28327 * CVE-2023-28464 * CVE-2023-28466 CVSS scores: * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1582 ( SUSE ): 4.7 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-23001 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch 
Server 4.3 * SUSE Manager Server 4.3 An update that solves 14 vulnerabilities and has 25 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed: * CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687). * CVE-2023-1838: Fixed a use-after-free flaw in the virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). * CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168). * CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2017-5753: Fixed Spectre V1 vulnerability on netlink (bsc#1209547). * CVE-2017-5753: Fixed Spectre vulnerability in prlimit (bsc#1209256). * CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
* CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829). The following non-security bugs were fixed: * ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git- fixes). * alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes) * ALSA: asihpi: check pao in control_message() (git-fixes). * ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes). * ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes). * ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes). * ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes). * ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes). * ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). * ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes). * ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git- fixes). * ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes). * ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes). * ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes). * arch: fix broken BuildID for arm64 and riscv (bsc#1209798). * ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes). * ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes). * arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes) * arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes). * arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes). 
* arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes) * arm64: dts: imx8mp: correct usb clocks (git-fixes) * arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes) * arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes) * arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes). * arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes) * ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes). * atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes). * Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git- fixes). * Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes). * Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes). * ca8210: fix mac_len negative array access (git-fixes). * ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git- fixes). * can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes). * can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git- fixes). * can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git- fixes). * cifs: append path to open_enter trace event (bsc#1193629). * cifs: avoid race conditions with parallel reconnects (bsc#1193629). * cifs: avoid races in parallel reconnects in smb1 (bsc#1193629). * cifs: check only tcon status on tcon related functions (bsc#1193629). * cifs: do not poll server interfaces too regularly (bsc#1193629). * cifs: double lock in cifs_reconnect_tcon() (git-fixes). * cifs: dump pending mids for all channels in DebugData (bsc#1193629). * cifs: empty interface list when server does not support query interfaces (bsc#1193629). * cifs: fix dentry lookups in directory handle cache (bsc#1193629). * cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629). * cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629). 
* cifs: Fix smb2_set_path_size() (git-fixes). * cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629). * cifs: generate signkey for the channel that's reconnecting (bsc#1193629). * cifs: get rid of dead check in smb2_reconnect() (bsc#1193629). * cifs: lock chan_lock outside match_session (bsc#1193629). * cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes). * cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629). * cifs: print session id while listing open files (bsc#1193629). * cifs: return DFS root session id in DebugData (bsc#1193629). * cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629). * cifs: use DFS root session instead of tcon ses (bsc#1193629). * clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes). * debugfs: add debugfs_lookup_and_remove() (git-fixes). * drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815). * drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815). * drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes). * drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git- fixes). * drm/amdkfd: Fix an illegal memory access (git-fixes). * drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes). * drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes). * drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes). * drm/i915: Remove unused bits of i915_vma/active api (git-fixes). * drm/i915/active: Fix missing debug object activation (git-fixes). * drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git- fixes). * drm/i915/display: clean up comments (git-fixes). 
* drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes). * drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes). * drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes). * drm/i915/gt: perform uc late init after probe error injection (git-fixes). * drm/i915/psr: Use calculated io and fast wake lines (git-fixes). * drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes). * drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes). * dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes). * efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes). * fbdev: au1200fb: Fix potential divide by zero (git-fixes). * fbdev: intelfb: Fix potential divide by zero (git-fixes). * fbdev: lxfb: Fix potential divide by zero (git-fixes). * fbdev: nvidia: Fix potential divide by zero (git-fixes). * fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git- fixes). * fbdev: tgafb: Fix potential divide by zero (git-fixes). * firmware: arm_scmi: Fix device node validation for mailbox transport (git- fixes). * fotg210-udc: Add missing completion handler (git-fixes). * ftrace: Fix invalid address access in lookup_rec() when index is 0 (git- fixes). * ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes). * ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes). * gpio: davinci: Add irq chip flag to skip set wake (git-fixes). * gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes). * HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git- fixes). * HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git- fixes). * hwmon: fix potential sensor registration fail if of_node is missing (git- fixes). * i2c: hisi: Only use the completion interrupt to finish the transfer (git- fixes). 
* i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes). * i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git- fixes). * iio: adc: ad7791: fix IRQ flags (git-fixes). * iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes). * iio: adis16480: select CONFIG_CRC32 (git-fixes). * iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes). * iio: light: cm32181: Unregister second I2C client if present (git-fixes). * Input: alps - fix compatibility with -funsigned-char (bsc#1209805). * Input: focaltech - use explicitly signed char type (git-fixes). * Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes). * KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi). * kABI workaround for xhci (git-fixes). * kABI: x86/msr: Remove .fixup usage (kabi). * kconfig: Update config changed flag before calling callback (git-fixes). * keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes). * KVM: x86: fix sending PV IPI (git-fixes). * KVM: x86: fix sending PV IPI (git-fixes). * lan78xx: Add missing return code checks (git-fixes). * lan78xx: Fix exception on link speed change (git-fixes). * lan78xx: Fix memory allocation bug (git-fixes). * lan78xx: Fix partial packet errors on suspend/resume (git-fixes). * lan78xx: Fix race condition in disconnect handling (git-fixes). * lan78xx: Fix race conditions in suspend/resume handling (git-fixes). * lan78xx: Fix white space and style issues (git-fixes). * lan78xx: Remove unused pause frame queue (git-fixes). * lan78xx: Remove unused timer (git-fixes). * lan78xx: Set flow control threshold to prevent packet loss (git-fixes). * lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes). * locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). * mm: memcg: fix swapcached stat accounting (bsc#1209804). 
* mm: mmap: remove newline at the end of the trace (git-fixes). * mmc: atmel-mci: fix race between stop command and start of next command (git-fixes). * mtd: rawnand: meson: fix bitmask for length in command word (git-fixes). * mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes). * mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes). * mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git- fixes). * mtdblock: tolerate corrected bit-flips (git-fixes). * net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git- fixes). * net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes). * net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes). * net: phy: Ensure state transitions are processed from phy_stop() (git- fixes). * net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes). * net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes). * net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes). * net: usb: asix: remove redundant assignment to variable reg (git-fixes). * net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes). * net: usb: lan78xx: Limit packet length to skb->len (git-fixes). * net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes). * net: usb: smsc75xx: Limit packet length to skb->len (git-fixes). * net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes). * net: usb: smsc95xx: Limit packet length to skb->len (git-fixes). * net: usb: use eth_hw_addr_set() (git-fixes). * NFS: Fix an Oops in nfs_d_automount() (git-fixes). * NFS: fix disabling of swap (git-fixes). * NFS4trace: fix state manager flag printing (git-fixes). * NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git- fixes). * NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes). 
* NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes). * NFSD: fix race to check ls_layouts (git-fixes). * NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). * NFSD: Protect against filesystem freezing (git-fixes). * NFSD: shut down the NFSv4 state objects before the filecache (git-fixes). * NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git- fixes). * NFSD: zero out pointers after putting nfsd_files on COPY setup error (git- fixes). * NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes). * NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). * NFSv4: Fix hangs when recovering open state after a server reboot (git- fixes). * NFSv4: keep state manager thread active if swap is enabled (git-fixes). * NFSv4: provide mount option to toggle trunking discovery (git-fixes). * NFSv4: Fix initialisation of struct nfs4_label (git-fixes). * NFSv4: Fail client initialisation if state manager thread can't run (git- fixes). * nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes). * nilfs2: fix sysfs interface lifetime (git-fixes). * nvme-tcp: always fail a request when sending it failed (bsc#1208902). * PCI: hv: Add a per-bus mutex state_lock (bsc#1207185). * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185). * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185). * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185). * PCI: hv: Use async probing to reduce boot time (bsc#1207185). * PCI/DPC: Await readiness of secondary bus after reset (git-fixes). * pinctrl: amd: Disable and mask interrupts on resume (git-fixes). * pinctrl: at91-pio4: fix domain name assignment (git-fixes). * pinctrl: ocelot: Fix alt mode for ocelot (git-fixes). * platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git- fixes). * platform/x86: think-lmi: add debug_cmd (bsc#1210050). 
* platform/x86: think-lmi: add missing type attribute (git-fixes). * platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes). * platform/x86: think-lmi: Certificate authentication support (bsc#1210050). * platform/x86: think-lmi: certificate support clean ups (bsc#1210050). * platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes). * platform/x86: think-lmi: Fix memory leak when showing current settings (git- fixes). * platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes). * platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050). * platform/x86: think-lmi: only display possible_values if available (git- fixes). * platform/x86: think-lmi: Opcode support (bsc#1210050). * platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050). * platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050). * platform/x86: think-lmi: use correct possible_values delimiters (git-fixes). * platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050). * platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050). * platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050). * platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050). * platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050). * platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050). * platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050). * platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050). * platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050). 
* platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050). * platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050). * platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050). * platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050). * platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050). * platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050). * platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050). * platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050). * platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050). * platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050). * platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050). * platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050). * platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050). * platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050). * platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050). * platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050). * platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050). * platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050). * platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050). 
* platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050). * platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050). * platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050). * platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050). * platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050). * platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050). * platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050). * platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050). * platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050). * platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050). * platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050). * platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050). * platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes). * pNFS/filelayout: Fix coalescing test for single DS (git-fixes). * power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes). * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). * powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869). * powerpc/btext: add missing of_node_put (bsc#1065729). * powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869). * powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869). * powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869). * powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869). * powerpc/kexec_file: fix implicit decl error (bsc#1194869). 
* powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). * powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729). * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). * powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). * ppc64le: HWPOISON_INJECT=m (bsc#1209572). * pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). * pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). * rcu: Fix rcu_torture_read ftrace event (git-fixes). * regulator: Handle deferred clk (git-fixes). * ring-buffer: Fix race while reader and writer are on the same page (git- fixes). * ring-buffer: Handle race between rb_move_tail and rb_check_pages (git- fixes). * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). * rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). * s390/dasd: fix no record found for raw_track_access (bsc#1207574). * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). * sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). 
* serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git- fixes). * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git- fixes). * serial: fsl_lpuart: Fix comment typo (git-fixes). * smb3: fix unusable share after force unmount failure (bsc#1193629). * smb3: lower default deferred close timeout to address perf regression (bsc#1193629). * struct dwc3: mask new member (git-fixes). * SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes). * SUNRPC: Fix a server shutdown leak (git-fixes). * SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). * thunderbolt: Disable interrupt auto clear for rings (git-fixes). * thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). * timers: Prevent union confusion from unexpected (git-fixes) * trace/hwlat: Do not start per-cpu thread if it is already running (git- fixes). * trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git- fixes). * tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git- fixes). * tracing: Add trace_array_puts() to write into instance (git-fixes). * tracing: Check field value in hist_field_name() (git-fixes). * tracing: Do not let histogram values have some modifiers (git-fixes). * tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). * tracing: Free error logs of tracing instances (git-fixes). * tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). * tracing: Make splice_read available again (git-fixes). 
* tracing: Make tracepoint lockdep check actually test something (git-fixes). * tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git- fixes). * tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). * tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). * tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes). * USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git- fixes). * USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes). * USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes). * USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes). * USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes). * USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes). * USB: dwc3: Fix a typo in field name (git-fixes). * USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes). * USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes). * USB: fix memory leak with using debugfs_lookup() (git-fixes). * USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes). * USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git- fixes). * USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git- fixes). * USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git- fixes). * USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes). 
* USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes). * USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes). * USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes). * USB: typec: altmodes/displayport: Fix configure initial pin assignment (git- fixes). * USB: typec: tcpm: fix warning when handle discover_identity message (git- fixes). * USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes). * USB: ucsi: Fix ucsi->connector race (git-fixes). * USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes). * USB: xhci: tegra: fix sleep in atomic call (git-fixes). * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git- fixes). * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). * wifi: mac80211: fix qos on mesh interfaces (git-fixes). * wireguard: ratelimiter: use hrtimer in selftest (git-fixes) * x86: Annotate call_on_stack() (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/fpu: Cache xfeature flags from CPUID (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). 
* x86/mce: Mark mce_end() noinstr (git-fixes).
* x86/mce: Mark mce_panic() noinstr (git-fixes).
* x86/mce: Mark mce_read_aux() noinstr (git-fixes).
* x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
* x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
* x86/msr: Remove .fixup usage (git-fixes).
* x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
* x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
* x86/uaccess: Move variable into switch case statement (git-fixes).
* xfs: convert ptag flags to unsigned (git-fixes).
* xfs: do not assert fail on perag references on teardown (git-fixes).
* xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
* xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
* xfs: remove xfs_setattr_time() declaration (git-fixes).
* xfs: zero inode fork buffer at allocation (git-fixes).
* xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
* xhci: Free the command allocated for setting LPM if we return early (git-fixes).
* xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
* xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1897=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1897=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1897=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1897=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1897=1
* Development Tools Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1897=1
* Legacy Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1897=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1897=1
  Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-1897=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1897=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64)
  * kernel-default-5.14.21-150400.24.60.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
  * kselftests-kmp-default-5.14.21-150400.24.60.1
  * reiserfs-kmp-default-5.14.21-150400.24.60.1
  * kernel-default-livepatch-5.14.21-150400.24.60.1
  * kernel-syms-5.14.21-150400.24.60.1
  * gfs2-kmp-default-5.14.21-150400.24.60.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.60.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-devel-5.14.21-150400.24.60.1
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-obs-build-5.14.21-150400.24.60.1
  * kselftests-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-optional-debuginfo-5.14.21-150400.24.60.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-obs-qa-5.14.21-150400.24.60.1
  * kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-obs-build-debugsource-5.14.21-150400.24.60.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-extra-5.14.21-150400.24.60.1
  * dlm-kmp-default-5.14.21-150400.24.60.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * ocfs2-kmp-default-5.14.21-150400.24.60.1
  * kernel-default-base-rebuild-5.14.21-150400.24.60.1.150400.24.24.3
  * cluster-md-kmp-default-5.14.21-150400.24.60.1
  * kernel-default-optional-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (ppc64le x86_64)
  * kernel-debug-devel-debuginfo-5.14.21-150400.24.60.1
  * kernel-debug-debuginfo-5.14.21-150400.24.60.1
  * kernel-debug-livepatch-devel-5.14.21-150400.24.60.1
  * kernel-debug-devel-5.14.21-150400.24.60.1
  * kernel-debug-debugsource-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (noarch)
  * kernel-devel-5.14.21-150400.24.60.1
  * kernel-source-vanilla-5.14.21-150400.24.60.1
  * kernel-source-5.14.21-150400.24.60.1
  * kernel-macros-5.14.21-150400.24.60.1
  * kernel-docs-html-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.60.1
  * kernel-kvmsmall-debuginfo-5.14.21-150400.24.60.1
  * kernel-kvmsmall-devel-5.14.21-150400.24.60.1
  * kernel-kvmsmall-debugsource-5.14.21-150400.24.60.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (s390x)
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64)
  * kernel-64kb-extra-debuginfo-5.14.21-150400.24.60.1
  * kernel-64kb-livepatch-devel-5.14.21-150400.24.60.1
  * dtb-cavium-5.14.21-150400.24.60.1
  * dtb-amd-5.14.21-150400.24.60.1
  * dtb-broadcom-5.14.21-150400.24.60.1
  * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * dtb-amazon-5.14.21-150400.24.60.1
  * kernel-64kb-optional-5.14.21-150400.24.60.1
  * dtb-hisilicon-5.14.21-150400.24.60.1
  * dtb-apple-5.14.21-150400.24.60.1
  * dlm-kmp-64kb-5.14.21-150400.24.60.1
  * dtb-amlogic-5.14.21-150400.24.60.1
  * dtb-apm-5.14.21-150400.24.60.1
  * dtb-rockchip-5.14.21-150400.24.60.1
  * dtb-mediatek-5.14.21-150400.24.60.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
  * kernel-64kb-devel-5.14.21-150400.24.60.1
  * dtb-exynos-5.14.21-150400.24.60.1
  * dtb-renesas-5.14.21-150400.24.60.1
  * dtb-sprd-5.14.21-150400.24.60.1
  * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * dtb-arm-5.14.21-150400.24.60.1
  * dtb-socionext-5.14.21-150400.24.60.1
  * ocfs2-kmp-64kb-5.14.21-150400.24.60.1
  * dtb-nvidia-5.14.21-150400.24.60.1
  * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * cluster-md-kmp-64kb-5.14.21-150400.24.60.1
  * kernel-64kb-optional-debuginfo-5.14.21-150400.24.60.1
  * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * dtb-marvell-5.14.21-150400.24.60.1
  * gfs2-kmp-64kb-5.14.21-150400.24.60.1
  * kernel-64kb-extra-5.14.21-150400.24.60.1
  * reiserfs-kmp-64kb-5.14.21-150400.24.60.1
  * dtb-lg-5.14.21-150400.24.60.1
  * dtb-altera-5.14.21-150400.24.60.1
  * dtb-qcom-5.14.21-150400.24.60.1
  * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.60.1
  * dtb-allwinner-5.14.21-150400.24.60.1
  * kselftests-kmp-64kb-5.14.21-150400.24.60.1
  * kernel-64kb-debuginfo-5.14.21-150400.24.60.1
  * kernel-64kb-debugsource-5.14.21-150400.24.60.1
  * dtb-freescale-5.14.21-150400.24.60.1
  * dtb-xilinx-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (nosrc)
  * dtb-aarch64-5.14.21-150400.24.60.1
* openSUSE Leap 15.4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (aarch64 nosrc)
  * kernel-64kb-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (aarch64)
  * kernel-64kb-debuginfo-5.14.21-150400.24.60.1
  * kernel-64kb-devel-debuginfo-5.14.21-150400.24.60.1
  * kernel-64kb-devel-5.14.21-150400.24.60.1
  * kernel-64kb-debugsource-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-base-5.14.21-150400.24.60.1.150400.24.24.3
  * kernel-default-devel-5.14.21-150400.24.60.1
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-devel-debuginfo-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (noarch)
  * kernel-macros-5.14.21-150400.24.60.1
  * kernel-devel-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150400.24.60.1
* Basesystem Module 15-SP4 (s390x)
  * kernel-zfcpdump-debuginfo-5.14.21-150400.24.60.1
  * kernel-zfcpdump-debugsource-5.14.21-150400.24.60.1
* Development Tools Module 15-SP4 (noarch nosrc)
  * kernel-docs-5.14.21-150400.24.60.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * kernel-obs-build-debugsource-5.14.21-150400.24.60.1
  * kernel-syms-5.14.21-150400.24.60.1
  * kernel-obs-build-5.14.21-150400.24.60.1
* Development Tools Module 15-SP4 (noarch)
  * kernel-source-5.14.21-150400.24.60.1
* Legacy Module 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * reiserfs-kmp-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-1-150400.9.3.2
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-livepatch-devel-5.14.21-150400.24.60.1
  * kernel-livepatch-SLE15-SP4_Update_11-debugsource-1-150400.9.3.2
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-livepatch-5.14.21-150400.24.60.1
  * kernel-livepatch-5_14_21-150400_24_60-default-1-150400.9.3.2
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
  * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * dlm-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * ocfs2-kmp-default-5.14.21-150400.24.60.1
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * gfs2-kmp-default-debuginfo-5.14.21-150400.24.60.1
  * cluster-md-kmp-default-5.14.21-150400.24.60.1
  * gfs2-kmp-default-5.14.21-150400.24.60.1
  * dlm-kmp-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc)
  * kernel-default-5.14.21-150400.24.60.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
  * kernel-default-extra-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-debugsource-5.14.21-150400.24.60.1
  * kernel-default-debuginfo-5.14.21-150400.24.60.1
  * kernel-default-extra-5.14.21-150400.24.60.1

## References:

* https://www.suse.com/security/cve/CVE-2017-5753.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2023-0394.html
* https://www.suse.com/security/cve/CVE-2023-1281.html
* https://www.suse.com/security/cve/CVE-2023-1513.html
* https://www.suse.com/security/cve/CVE-2023-1582.html
* https://www.suse.com/security/cve/CVE-2023-1611.html
* https://www.suse.com/security/cve/CVE-2023-1637.html
* https://www.suse.com/security/cve/CVE-2023-1652.html
* https://www.suse.com/security/cve/CVE-2023-1838.html
* https://www.suse.com/security/cve/CVE-2023-23001.html
* https://www.suse.com/security/cve/CVE-2023-28327.html
* https://www.suse.com/security/cve/CVE-2023-28464.html
* https://www.suse.com/security/cve/CVE-2023-28466.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065729
* https://bugzilla.suse.com/show_bug.cgi?id=1109158
* https://bugzilla.suse.com/show_bug.cgi?id=1189998
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1203200
* https://bugzilla.suse.com/show_bug.cgi?id=1206552
* https://bugzilla.suse.com/show_bug.cgi?id=1207168
* https://bugzilla.suse.com/show_bug.cgi?id=1207185
* https://bugzilla.suse.com/show_bug.cgi?id=1207574
* https://bugzilla.suse.com/show_bug.cgi?id=1208602
* https://bugzilla.suse.com/show_bug.cgi?id=1208815
* https://bugzilla.suse.com/show_bug.cgi?id=1208829
* https://bugzilla.suse.com/show_bug.cgi?id=1208902
* https://bugzilla.suse.com/show_bug.cgi?id=1209052
* https://bugzilla.suse.com/show_bug.cgi?id=1209118
* https://bugzilla.suse.com/show_bug.cgi?id=1209256
* https://bugzilla.suse.com/show_bug.cgi?id=1209290
* https://bugzilla.suse.com/show_bug.cgi?id=1209292
* https://bugzilla.suse.com/show_bug.cgi?id=1209366
* https://bugzilla.suse.com/show_bug.cgi?id=1209532
* https://bugzilla.suse.com/show_bug.cgi?id=1209547
* https://bugzilla.suse.com/show_bug.cgi?id=1209556
* https://bugzilla.suse.com/show_bug.cgi?id=1209572
* https://bugzilla.suse.com/show_bug.cgi?id=1209600
* https://bugzilla.suse.com/show_bug.cgi?id=1209634
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209636
* https://bugzilla.suse.com/show_bug.cgi?id=1209681
* https://bugzilla.suse.com/show_bug.cgi?id=1209684
* https://bugzilla.suse.com/show_bug.cgi?id=1209687
* https://bugzilla.suse.com/show_bug.cgi?id=1209779
* https://bugzilla.suse.com/show_bug.cgi?id=1209788
* https://bugzilla.suse.com/show_bug.cgi?id=1209798
* https://bugzilla.suse.com/show_bug.cgi?id=1209799
* https://bugzilla.suse.com/show_bug.cgi?id=1209804
* https://bugzilla.suse.com/show_bug.cgi?id=1209805
* https://bugzilla.suse.com/show_bug.cgi?id=1210050
* https://bugzilla.suse.com/show_bug.cgi?id=1210203

From sle-updates at lists.suse.com Tue Apr 18 12:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:30:24 -0000
Subject: SUSE-SU-2023:1898-1: moderate: Security update for openssl-3
Message-ID: <168182102488.13690.17363113313349393552@smelt2.suse.de>

# Security update for openssl-3

Announcement ID: SUSE-SU-2023:1898-1
Rating: moderate

References:

* #1209873
* #1209878
* #1210060

Cross-References:

* CVE-2023-0465
* CVE-2023-0466

CVSS scores:

* CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
* CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
* Update further expiring certificates that affect tests (bsc#1210060)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1898=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1898=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libopenssl3-debuginfo-3.0.1-150400.4.23.1
  * openssl-3-debugsource-3.0.1-150400.4.23.1
  * openssl-3-3.0.1-150400.4.23.1
  * openssl-3-debuginfo-3.0.1-150400.4.23.1
  * libopenssl-3-devel-3.0.1-150400.4.23.1
  * libopenssl3-3.0.1-150400.4.23.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl-3-devel-32bit-3.0.1-150400.4.23.1
  * libopenssl3-32bit-debuginfo-3.0.1-150400.4.23.1
  * libopenssl3-32bit-3.0.1-150400.4.23.1
* openSUSE Leap 15.4 (noarch)
  * openssl-3-doc-3.0.1-150400.4.23.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libopenssl3-debuginfo-3.0.1-150400.4.23.1
  * openssl-3-debugsource-3.0.1-150400.4.23.1
  * openssl-3-3.0.1-150400.4.23.1
  * openssl-3-debuginfo-3.0.1-150400.4.23.1
  * libopenssl-3-devel-3.0.1-150400.4.23.1
  * libopenssl3-3.0.1-150400.4.23.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0465.html
* https://www.suse.com/security/cve/CVE-2023-0466.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209873
* https://bugzilla.suse.com/show_bug.cgi?id=1209878
* https://bugzilla.suse.com/show_bug.cgi?id=1210060

From sle-updates at lists.suse.com Tue Apr 18 12:30:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:30:26 -0000
Subject: SUSE-RU-2023:1896-1: critical: Recommended update for cloud-regionsrv-client
Message-ID: <168182102613.13690.6209102196309571463@smelt2.suse.de>

# Recommended update for cloud-regionsrv-client

Announcement ID: SUSE-RU-2023:1896-1
Rating: critical
References:

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Public Cloud Module 15-SP2
* Public Cloud Module 15-SP1
* Public Cloud Module 15-SP3
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.0
* SUSE Manager Proxy 4.1
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.0
* SUSE Manager Retail Branch Server 4.1
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.0
* SUSE Manager Server 4.1
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that can now be installed.

## Description:

Release update to the unrestricted channel for SLE-15:Update codestream.

## Patch Instructions:

To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1896=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1896=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1896=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1896=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1896=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1896=1
* Public Cloud Module 15-SP1
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-1896=1
* Public Cloud Module 15-SP2
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-1896=1
* Public Cloud Module 15-SP3
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-1896=1
* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1896=1

## Package List:

* openSUSE Leap Micro 5.3 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* openSUSE Leap 15.4 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* Public Cloud Module 15-SP1 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* Public Cloud Module 15-SP2 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* Public Cloud Module 15-SP3 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1
* Public Cloud Module 15-SP4 (noarch)
  * cloud-regionsrv-client-addon-azure-1.0.5-150000.6.91.1
  * cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.91.1
  * cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.91.1
  * cloud-regionsrv-client-generic-config-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.91.1
  * cloud-regionsrv-client-10.1.0-150000.6.91.1

From sle-updates at lists.suse.com Tue Apr 18 12:30:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:30:27 -0000
Subject: SUSE-SU-2023:1895-1: important: Security update for the Linux Kernel
Message-ID: <168182102782.13690.10219727931864836939@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1895-1
Rating: important

References:

* #1209687
* #1210203

Cross-References:

* CVE-2023-1611
* CVE-2023-1838

CVSS scores:

* CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
* CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).

The following non-security bugs were fixed:

* alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
* ALSA: asihpi: check pao in control_message() (git-fixes).
* ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
* ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
* can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
* can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
* cifs: double lock in cifs_reconnect_tcon() (git-fixes).
* clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
* drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
* drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
* drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
* dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
* fbdev: au1200fb: Fix potential divide by zero (git-fixes).
* fbdev: intelfb: Fix potential divide by zero (git-fixes).
* fbdev: lxfb: Fix potential divide by zero (git-fixes).
* fbdev: nvidia: Fix potential divide by zero (git-fixes).
* fbdev: tgafb: Fix potential divide by zero (git-fixes).
* ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
* ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
* gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
* gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
* iio: adc: ad7791: fix IRQ flags (git-fixes).
* iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
* iio: adis16480: select CONFIG_CRC32 (git-fixes).
* iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
* iio: light: cm32181: Unregister second I2C client if present (git-fixes).
* Input: focaltech - use explicitly signed char type (git-fixes).
* Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
* kABI workaround for xhci (git-fixes).
* mm: mmap: remove newline at the end of the trace (git-fixes).
* mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
* mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
* mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
* mtdblock: tolerate corrected bit-flips (git-fixes).
* nilfs2: fix sysfs interface lifetime (git-fixes).
* platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
* platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
* platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
* pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
* pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
* rcu: Fix rcu_torture_read ftrace event (git-fixes).
* ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
* timers: Prevent union confusion from unexpected (git-fixes)
* tracing: Add trace_array_puts() to write into instance (git-fixes).
* tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
* tracing: Free error logs of tracing instances (git-fixes).
* tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
* tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
* tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
* tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
* usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
* usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
* usb: ucsi: Fix ucsi->connector race (git-fixes).
* usb: xhci: tegra: fix sleep in atomic call (git-fixes).
* wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
* wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
* xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
* xhci: Free the command allocated for setting LPM if we return early (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1895=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-1895=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * kselftests-kmp-azure-5.14.21-150400.14.46.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.46.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-debugsource-5.14.21-150400.14.46.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * ocfs2-kmp-azure-5.14.21-150400.14.46.1 * kernel-azure-devel-5.14.21-150400.14.46.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-extra-5.14.21-150400.14.46.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-optional-5.14.21-150400.14.46.1 * reiserfs-kmp-azure-5.14.21-150400.14.46.1 * dlm-kmp-azure-5.14.21-150400.14.46.1 * cluster-md-kmp-azure-5.14.21-150400.14.46.1 * kernel-syms-azure-5.14.21-150400.14.46.1 * gfs2-kmp-azure-5.14.21-150400.14.46.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.46.1 * kernel-azure-debuginfo-5.14.21-150400.14.46.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.46.1 * openSUSE Leap 15.4 (noarch) * kernel-source-azure-5.14.21-150400.14.46.1 * kernel-devel-azure-5.14.21-150400.14.46.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.46.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-devel-debuginfo-5.14.21-150400.14.46.1 * kernel-syms-azure-5.14.21-150400.14.46.1 * kernel-azure-devel-5.14.21-150400.14.46.1 * kernel-azure-debugsource-5.14.21-150400.14.46.1 * kernel-azure-debuginfo-5.14.21-150400.14.46.1 * Public Cloud Module 15-SP4 (noarch) * 
kernel-source-azure-5.14.21-150400.14.46.1
  * kernel-devel-azure-5.14.21-150400.14.46.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1611.html
* https://www.suse.com/security/cve/CVE-2023-1838.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209687
* https://bugzilla.suse.com/show_bug.cgi?id=1210203

From sle-updates at lists.suse.com Tue Apr 18 12:31:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:31:06 -0000
Subject: SUSE-SU-2023:1894-1: important: Security update for the Linux Kernel
Message-ID: <168182106604.13690.14362349800071542281@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1894-1
Rating: important
References:

* #1065729
* #1109158
* #1142926
* #1181001
* #1193231
* #1199837
* #1203693
* #1206010
* #1207001
* #1207125
* #1207890
* #1208048
* #1208599
* #1208777
* #1208850
* #1209052
* #1209118
* #1209126
* #1209256
* #1209289
* #1209291
* #1209292
* #1209532
* #1209547
* #1209549
* #1209556
* #1209572
* #1209613
* #1209634
* #1209684
* #1209687
* #1209777
* #1209778
* #1209798

Cross-References:

* CVE-2017-5753
* CVE-2020-36691
* CVE-2021-3923
* CVE-2022-20567
* CVE-2023-1076
* CVE-2023-1095
* CVE-2023-1281
* CVE-2023-1390
* CVE-2023-1513
* CVE-2023-1611
* CVE-2023-23455
* CVE-2023-28328
* CVE-2023-28464
* CVE-2023-28772

CVSS scores:

* CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2020-36691 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36691 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-20567 ( SUSE ):
6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-20567 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1076 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1076 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2023-1095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L * CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves 14 vulnerabilities and has 20 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed:

* CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
* CVE-2020-36691: Fixed an issue which could allow attackers to cause a denial of service via a nested Netlink policy with a back reference (bsc#1209613).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
* CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
* CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue led by a type confusion (bsc#1207125).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
* CVE-2022-20567: Fixed use after free that could lead to a local privilege escalation in pppol2tp_create of l2tp_ppp.c (bsc#1208850).
* CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
* CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).

The following non-security bugs were fixed:

* applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
* ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes)
* arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
* arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
* arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
* arm64: Do not forget syscall when starting a new thread. (git-fixes)
* arm64: Fix compiler warning from pte_unmap() with (git-fixes)
* arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
* arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git-fixes)
* arm64: kprobe: make page to RO mode when allocate it (git-fixes)
* arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
* arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
* arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
* arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
* arm64: unwind: Prohibit probing on return_address() (git-fixes)
* arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
* arm64/alternatives: do not patch up internal branches (git-fixes)
* arm64/alternatives: move length validation inside the subsection (git-fixes)
* arm64/alternatives: use subsections for replacement sequences (git-fixes)
* arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
* arm64/mm: fix variable 'pud' set but not used (git-fixes)
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
* arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
* Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
* Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
* crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
* dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
* ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
* ima: Fix function name error in comment (git-fixes).
* Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
* ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
* kabi: PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
* kfifo: fix ternary sign extension bugs (git-fixes).
* kgdb: Drop malformed kernel doc comment (git-fixes).
* KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
* net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
* net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
* net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
* net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
* net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
* NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
* ntp: Limit TAI-UTC offset (git-fixes)
* PCI: aardvark: Do not blindly enable ASPM L0s and do not write to read-only register (git-fixes).
* PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
* PCI: aardvark: Do not touch PCIe registers if no card connected (git-fixes).
* PCI: aardvark: Fix a leaked reference by adding missing of_node_put() (git-fixes).
* PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
* PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
* PCI: aardvark: Improve link training (git-fixes).
* PCI: aardvark: Indicate error in 'val' when config read fails (git-fixes).
* PCI: aardvark: Introduce an advk_pcie_valid_device() helper (git-fixes).
* PCI: aardvark: Remove PCIe outbound window configuration (git-fixes).
* PCI: aardvark: Train link immediately after enabling training (git-fixes).
* PCI: aardvark: Wait for endpoint to be ready before training link (git-fixes).
* PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints (git-fixes).
* PCI: Add ACS quirk for iProc PAXB (git-fixes).
* PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
* PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
* PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
* PCI: endpoint: Fix for concurrent memory allocation in OB address region (git-fixes).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207001).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207001).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207001).
* PCI: Make ACS quirk implementations more uniform (git-fixes).
* PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
* PCI: PM: Avoid skipping bus-level PM on platforms without ACPI (git-fixes).
* PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
* PCI: tegra: Fix OF node reference leak (git-fixes).
* PCI: Unify ACS quirk desired vs provided checking (git-fixes).
* PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
* PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
* PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
* PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
* PCI/MSI: Mask all unused MSI-X entries (git-fixes).
* PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
* PCI/PM: Always return devices to D0 when thawing (git-fixes).
* PCI/PM: Avoid using device_may_wakeup() for runtime PM (git-fixes).
* PM: hibernate: flush swap writer after marking (git-fixes).
* powerpc/btext: add missing of_node_put (bsc#1065729).
* powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
* powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
* powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
* powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1065729).
* ppc64le: HWPOISON_INJECT=m (bsc#1209572).
* ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
* s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
* sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
* scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1199837).
* scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
* SUNRPC: Fix a server shutdown leak (git-fixes).
* timekeeping: Prevent 32bit truncation in (git-fixes)
* timers: Clear timer_base::must_forward_clk with (bsc#1207890)
* timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze() (git-fixes).
* tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
* tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
* uprobes/x86: Fix detection of 32-bit user mode (git-fixes).
* usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
* usb: dwc3: exynos: Fix remove() function (git-fixes).
* usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
* usb: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
* usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
* x86, boot: Remove multiple copy of static function sanitize_boot_params() (git-fixes).
* x86/apic: Add name to irq chip (bsc#1206010).
* x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
* x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines (git-fixes).
* x86/apic: Handle missing global clockevent gracefully (git-fixes bsc#1142926).
* x86/apic: Soft disable APIC before initializing it (git-fixes).
* x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
* x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c (git-fixes).
* x86/decoder: Add TEST opcode to Group3-2 (git-fixes).
* x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
* x86/ioapic: Force affinity setup before startup (bsc#1193231).
* x86/ioapic: Prevent inconsistent state when moving an interrupt (git-fixes).
* x86/irq/64: Limit IST stack overflow check to #DB stack (git-fixes).
* x86/lib/cpu: Address missing prototypes warning (git-fixes).
* x86/mce: Lower throttling MCE messages' priority to warning (git-fixes).
* x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() (git-fixes).
* x86/mm: Use the correct function type for native_set_fixmap() (git-fixes).
* x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
* x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
* x86/power: Fix 'nosmt' vs hibernation triple fault during resume (git-fixes).
* x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails (git-fixes).
* x86/stacktrace: Prevent infinite loop in arch_stack_walk_user() (git-fixes).
* x86/sysfb: Fix check for bad VRAM size (git-fixes).
* x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
* x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001 jsc#ECO-3191).
* x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
* x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
* xen/netfront: enable device after manual module load (git-fixes).
* xen/netfront: Fix mismatched rtnl_unlock (git-fixes).
* xen/netfront: Fix NULL sring after live migration (git-fixes).
* xen/netfront: fix potential deadlock in xennet_remove() (git-fixes).
* xen/netfront: Fix race between device setup and open (git-fixes).
* xen/netfront: Update features after registering netdev (git-fixes).
* xen/netfront: wait xenbus state change when load module manually (git-fixes).
* xen/netfront: fix waiting for xenbus state change (git-fixes).
* xen/netfront: stop tx queues during live migration (git-fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-1894=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * dlm-kmp-rt-debuginfo-4.12.14-10.121.1 * kernel-syms-rt-4.12.14-10.121.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.121.1 * kernel-rt-debuginfo-4.12.14-10.121.1 * kernel-rt-devel-debuginfo-4.12.14-10.121.1 * kernel-rt-base-4.12.14-10.121.1 * kernel-rt_debug-devel-4.12.14-10.121.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.121.1 * ocfs2-kmp-rt-4.12.14-10.121.1 * kernel-rt-base-debuginfo-4.12.14-10.121.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.121.1 * kernel-rt_debug-debuginfo-4.12.14-10.121.1 * kernel-rt-debugsource-4.12.14-10.121.1 * gfs2-kmp-rt-4.12.14-10.121.1 * dlm-kmp-rt-4.12.14-10.121.1 * kernel-rt_debug-debugsource-4.12.14-10.121.1 * kernel-rt-devel-4.12.14-10.121.1 * cluster-md-kmp-rt-4.12.14-10.121.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.121.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-devel-rt-4.12.14-10.121.1 * kernel-source-rt-4.12.14-10.121.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt_debug-4.12.14-10.121.1 * kernel-rt-4.12.14-10.121.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2020-36691.html * https://www.suse.com/security/cve/CVE-2021-3923.html * https://www.suse.com/security/cve/CVE-2022-20567.html * https://www.suse.com/security/cve/CVE-2023-1076.html * https://www.suse.com/security/cve/CVE-2023-1095.html * https://www.suse.com/security/cve/CVE-2023-1281.html * 
https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1142926 * https://bugzilla.suse.com/show_bug.cgi?id=1181001 * https://bugzilla.suse.com/show_bug.cgi?id=1193231 * https://bugzilla.suse.com/show_bug.cgi?id=1199837 * https://bugzilla.suse.com/show_bug.cgi?id=1203693 * https://bugzilla.suse.com/show_bug.cgi?id=1206010 * https://bugzilla.suse.com/show_bug.cgi?id=1207001 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207890 * https://bugzilla.suse.com/show_bug.cgi?id=1208048 * https://bugzilla.suse.com/show_bug.cgi?id=1208599 * https://bugzilla.suse.com/show_bug.cgi?id=1208777 * https://bugzilla.suse.com/show_bug.cgi?id=1208850 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209118 * https://bugzilla.suse.com/show_bug.cgi?id=1209126 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209572 * https://bugzilla.suse.com/show_bug.cgi?id=1209613 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 
* https://bugzilla.suse.com/show_bug.cgi?id=1209777
* https://bugzilla.suse.com/show_bug.cgi?id=1209778
* https://bugzilla.suse.com/show_bug.cgi?id=1209798

From sle-updates at lists.suse.com Tue Apr 18 12:31:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:31:08 -0000
Subject: SUSE-RU-2023:1893-1: low: Recommended update for yast2-transfer
Message-ID: <168182106855.13690.12713166836605726347@smelt2.suse.de>

# Recommended update for yast2-transfer

Announcement ID: SUSE-RU-2023:1893-1
Rating: low
References:

* #1208754

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has one recommended fix can now be installed.
## Description:

This update for yast2-transfer fixes the following issue:

* Fixed TFTP download, truncate the target when saving to an existing one (bsc#1208754)

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1893=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1893=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1893=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1893=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1893=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1893=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1893=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1893=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1893=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1893=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1893=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1893=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1893=1
* SUSE Manager Server 4.2
  zypper in -t patch
SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1893=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1893=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1893=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * yast2-transfer-debugsource-4.1.1-150100.3.3.1 * yast2-transfer-4.1.1-150100.3.3.1 * yast2-transfer-debuginfo-4.1.1-150100.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * 
yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Manager Proxy 4.2 (x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1
* SUSE CaaS Platform 4.0 (x86_64)
  * yast2-transfer-debugsource-4.1.1-150100.3.3.1
  * yast2-transfer-4.1.1-150100.3.3.1
  * yast2-transfer-debuginfo-4.1.1-150100.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208754
From sle-updates at lists.suse.com Tue Apr 18 12:31:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 12:31:16 -0000
Subject: SUSE-SU-2023:1892-1: important: Security update for the Linux Kernel
Message-ID: <168182107629.13690.14048371695244206833@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1892-1
Rating: important
References:

* #1207168
* #1208137
* #1208598
* #1208601
* #1208787
* #1209052
* #1209256
* #1209288
* #1209289
* #1209290
* #1209291
* #1209366
* #1209532
* #1209547
* #1209549
* #1209634
* #1209635
* #1209636
* #1209778
* #1209785

Cross-References:

* CVE-2017-5753
* CVE-2021-3923
* CVE-2022-4744
* CVE-2023-0461
* CVE-2023-1075
* CVE-2023-1078
* CVE-2023-1281
* CVE-2023-1382
* CVE-2023-1390
* CVE-2023-1513
* CVE-2023-1582
* CVE-2023-28327
* CVE-2023-28328
* CVE-2023-28464
* CVE-2023-28466
* CVE-2023-28772

CVSS scores:

* CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2021-3923 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-3923 ( NVD ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1075 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1078 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1281 (
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1390 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28772 ( SUSE ): 3.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-28772 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Real Time Module 15-SP3

An update that solves 16 vulnerabilities and has four fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
* CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). * CVE-2023-1281: Fixed use-after-free that could lead to privilege escalation in tcindex (bsc#1209634). * CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). * CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). * CVE-2017-5753: Fixed Spectre vulnerability in prlimit (bsc#1209256). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dvb-usb/az6027.c (bsc#1209291). * CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). * CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). * CVE-2017-5753: Fixed Spectre V1 vulnerability on netlink (bsc#1209547). The following non-security bugs were fixed: * ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). * net: ena: optimize data access in fast-path code (bsc#1208137). * PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). * PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). * PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). * PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). 
## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP3 zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-1892=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1892=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1892=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1892=1 ## Package List: * SUSE Real Time Module 15-SP3 (x86_64) * cluster-md-kmp-rt-debuginfo-5.3.18-150300.124.1 * kernel-rt_debug-devel-5.3.18-150300.124.1 * kernel-rt_debug-debuginfo-5.3.18-150300.124.1 * kernel-rt-devel-5.3.18-150300.124.1 * kernel-rt_debug-debugsource-5.3.18-150300.124.1 * gfs2-kmp-rt-debuginfo-5.3.18-150300.124.1 * gfs2-kmp-rt-5.3.18-150300.124.1 * dlm-kmp-rt-5.3.18-150300.124.1 * cluster-md-kmp-rt-5.3.18-150300.124.1 * kernel-rt-devel-debuginfo-5.3.18-150300.124.1 * ocfs2-kmp-rt-5.3.18-150300.124.1 * ocfs2-kmp-rt-debuginfo-5.3.18-150300.124.1 * kernel-rt_debug-devel-debuginfo-5.3.18-150300.124.1 * kernel-rt-debugsource-5.3.18-150300.124.1 * kernel-syms-rt-5.3.18-150300.124.1 * dlm-kmp-rt-debuginfo-5.3.18-150300.124.1 * kernel-rt-debuginfo-5.3.18-150300.124.1 * SUSE Real Time Module 15-SP3 (noarch) * kernel-devel-rt-5.3.18-150300.124.1 * kernel-source-rt-5.3.18-150300.124.1 * SUSE Real Time Module 15-SP3 (nosrc x86_64) * kernel-rt-5.3.18-150300.124.1 * SUSE Real Time Module 15-SP3 (nosrc) * kernel-rt_debug-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debugsource-5.3.18-150300.124.1 * kernel-rt-debuginfo-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * 
kernel-rt-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.124.1 * kernel-rt-debuginfo-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debugsource-5.3.18-150300.124.1 * kernel-rt-debuginfo-5.3.18-150300.124.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2021-3923.html * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1075.html * https://www.suse.com/security/cve/CVE-2023-1078.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1582.html * https://www.suse.com/security/cve/CVE-2023-28327.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-28772.html * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1208137 * https://bugzilla.suse.com/show_bug.cgi?id=1208598 * https://bugzilla.suse.com/show_bug.cgi?id=1208601 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209289 * https://bugzilla.suse.com/show_bug.cgi?id=1209290 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * 
https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209549 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209635 * https://bugzilla.suse.com/show_bug.cgi?id=1209636 * https://bugzilla.suse.com/show_bug.cgi?id=1209778 * https://bugzilla.suse.com/show_bug.cgi?id=1209785 From sle-updates at lists.suse.com Tue Apr 18 12:31:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:18 -0000 Subject: SUSE-RU-2023:1891-1: moderate: Recommended update for php8 Message-ID: <168182107885.13690.11575516184857157092@smelt2.suse.de> # Recommended update for php8 Announcement ID: SUSE-RU-2023:1891-1 Rating: moderate References: * #1205162 * #1208199 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that has two recommended fixes can now be installed. ## Description: This update for php8 fixes the following issues: * ensure extension=mysqlnd will be called before extension=mysqli (bsc#1205162) * fix potential buffer overflow (bsc#1208199) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1891=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1891=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php8-ldap-debuginfo-8.0.28-150400.4.31.1 * php8-zip-8.0.28-150400.4.31.1 * php8-gettext-8.0.28-150400.4.31.1 * php8-snmp-debuginfo-8.0.28-150400.4.31.1 * php8-tidy-debuginfo-8.0.28-150400.4.31.1 * php8-calendar-8.0.28-150400.4.31.1 * php8-pdo-8.0.28-150400.4.31.1 * php8-gd-8.0.28-150400.4.31.1 * php8-exif-8.0.28-150400.4.31.1 * php8-embed-8.0.28-150400.4.31.1 * php8-posix-8.0.28-150400.4.31.1 * php8-intl-8.0.28-150400.4.31.1 * php8-curl-8.0.28-150400.4.31.1 * php8-pgsql-8.0.28-150400.4.31.1 * php8-sysvsem-8.0.28-150400.4.31.1 * php8-test-8.0.28-150400.4.31.1 * php8-bz2-8.0.28-150400.4.31.1 * php8-fpm-8.0.28-150400.4.31.1 * php8-enchant-8.0.28-150400.4.31.1 * php8-phar-8.0.28-150400.4.31.1 * php8-iconv-8.0.28-150400.4.31.1 * php8-pgsql-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-debugsource-8.0.28-150400.4.31.1 * php8-pcntl-8.0.28-150400.4.31.1 * php8-bz2-debuginfo-8.0.28-150400.4.31.1 * php8-sysvshm-debuginfo-8.0.28-150400.4.31.1 * php8-pcntl-debuginfo-8.0.28-150400.4.31.1 * php8-snmp-8.0.28-150400.4.31.1 * php8-tokenizer-debuginfo-8.0.28-150400.4.31.1 * php8-fastcgi-debuginfo-8.0.28-150400.4.31.1 * php8-sysvmsg-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-8.0.28-150400.4.31.1 * php8-bcmath-debuginfo-8.0.28-150400.4.31.1 * php8-openssl-debuginfo-8.0.28-150400.4.31.1 * php8-xmlwriter-8.0.28-150400.4.31.1 * php8-readline-debuginfo-8.0.28-150400.4.31.1 * php8-fileinfo-debuginfo-8.0.28-150400.4.31.1 * php8-sysvshm-8.0.28-150400.4.31.1 * php8-phar-debuginfo-8.0.28-150400.4.31.1 * php8-sockets-8.0.28-150400.4.31.1 * php8-sqlite-debuginfo-8.0.28-150400.4.31.1 * php8-fpm-debugsource-8.0.28-150400.4.31.1 * php8-sqlite-8.0.28-150400.4.31.1 * 
php8-tokenizer-8.0.28-150400.4.31.1 * php8-dba-debuginfo-8.0.28-150400.4.31.1 * php8-mysql-debuginfo-8.0.28-150400.4.31.1 * php8-debugsource-8.0.28-150400.4.31.1 * php8-cli-8.0.28-150400.4.31.1 * php8-xmlwriter-debuginfo-8.0.28-150400.4.31.1 * php8-zlib-debuginfo-8.0.28-150400.4.31.1 * php8-zlib-8.0.28-150400.4.31.1 * php8-embed-debugsource-8.0.28-150400.4.31.1 * php8-fastcgi-8.0.28-150400.4.31.1 * php8-sysvsem-debuginfo-8.0.28-150400.4.31.1 * php8-zip-debuginfo-8.0.28-150400.4.31.1 * php8-sodium-8.0.28-150400.4.31.1 * php8-fileinfo-8.0.28-150400.4.31.1 * php8-dom-8.0.28-150400.4.31.1 * php8-iconv-debuginfo-8.0.28-150400.4.31.1 * php8-xsl-8.0.28-150400.4.31.1 * php8-fastcgi-debugsource-8.0.28-150400.4.31.1 * php8-dba-8.0.28-150400.4.31.1 * php8-readline-8.0.28-150400.4.31.1 * php8-gmp-8.0.28-150400.4.31.1 * php8-gettext-debuginfo-8.0.28-150400.4.31.1 * php8-opcache-debuginfo-8.0.28-150400.4.31.1 * php8-calendar-debuginfo-8.0.28-150400.4.31.1 * php8-bcmath-8.0.28-150400.4.31.1 * php8-openssl-8.0.28-150400.4.31.1 * php8-cli-debuginfo-8.0.28-150400.4.31.1 * php8-curl-debuginfo-8.0.28-150400.4.31.1 * php8-debuginfo-8.0.28-150400.4.31.1 * php8-odbc-8.0.28-150400.4.31.1 * php8-sysvmsg-8.0.28-150400.4.31.1 * php8-mbstring-debuginfo-8.0.28-150400.4.31.1 * php8-ftp-8.0.28-150400.4.31.1 * php8-soap-debuginfo-8.0.28-150400.4.31.1 * php8-sodium-debuginfo-8.0.28-150400.4.31.1 * php8-exif-debuginfo-8.0.28-150400.4.31.1 * php8-fpm-debuginfo-8.0.28-150400.4.31.1 * php8-gmp-debuginfo-8.0.28-150400.4.31.1 * php8-ctype-debuginfo-8.0.28-150400.4.31.1 * php8-devel-8.0.28-150400.4.31.1 * php8-soap-8.0.28-150400.4.31.1 * php8-ldap-8.0.28-150400.4.31.1 * php8-gd-debuginfo-8.0.28-150400.4.31.1 * php8-odbc-debuginfo-8.0.28-150400.4.31.1 * php8-shmop-8.0.28-150400.4.31.1 * php8-shmop-debuginfo-8.0.28-150400.4.31.1 * php8-dom-debuginfo-8.0.28-150400.4.31.1 * php8-enchant-debuginfo-8.0.28-150400.4.31.1 * php8-xmlreader-debuginfo-8.0.28-150400.4.31.1 * 
php8-sockets-debuginfo-8.0.28-150400.4.31.1 * php8-8.0.28-150400.4.31.1 * php8-xmlreader-8.0.28-150400.4.31.1 * php8-intl-debuginfo-8.0.28-150400.4.31.1 * php8-posix-debuginfo-8.0.28-150400.4.31.1 * php8-mbstring-8.0.28-150400.4.31.1 * php8-embed-debuginfo-8.0.28-150400.4.31.1 * php8-ctype-8.0.28-150400.4.31.1 * php8-pdo-debuginfo-8.0.28-150400.4.31.1 * php8-tidy-8.0.28-150400.4.31.1 * php8-xsl-debuginfo-8.0.28-150400.4.31.1 * php8-mysql-8.0.28-150400.4.31.1 * php8-opcache-8.0.28-150400.4.31.1 * php8-ftp-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-debuginfo-8.0.28-150400.4.31.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php8-ldap-debuginfo-8.0.28-150400.4.31.1 * php8-zip-8.0.28-150400.4.31.1 * php8-gettext-8.0.28-150400.4.31.1 * php8-snmp-debuginfo-8.0.28-150400.4.31.1 * php8-tidy-debuginfo-8.0.28-150400.4.31.1 * php8-calendar-8.0.28-150400.4.31.1 * php8-pdo-8.0.28-150400.4.31.1 * php8-gd-8.0.28-150400.4.31.1 * php8-exif-8.0.28-150400.4.31.1 * php8-embed-8.0.28-150400.4.31.1 * php8-posix-8.0.28-150400.4.31.1 * php8-intl-8.0.28-150400.4.31.1 * php8-curl-8.0.28-150400.4.31.1 * php8-pgsql-8.0.28-150400.4.31.1 * php8-sysvsem-8.0.28-150400.4.31.1 * php8-test-8.0.28-150400.4.31.1 * php8-bz2-8.0.28-150400.4.31.1 * php8-fpm-8.0.28-150400.4.31.1 * php8-enchant-8.0.28-150400.4.31.1 * php8-phar-8.0.28-150400.4.31.1 * php8-iconv-8.0.28-150400.4.31.1 * php8-pgsql-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-debugsource-8.0.28-150400.4.31.1 * php8-pcntl-8.0.28-150400.4.31.1 * php8-bz2-debuginfo-8.0.28-150400.4.31.1 * php8-sysvshm-debuginfo-8.0.28-150400.4.31.1 * php8-pcntl-debuginfo-8.0.28-150400.4.31.1 * php8-snmp-8.0.28-150400.4.31.1 * php8-tokenizer-debuginfo-8.0.28-150400.4.31.1 * php8-fastcgi-debuginfo-8.0.28-150400.4.31.1 * php8-sysvmsg-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-8.0.28-150400.4.31.1 * php8-bcmath-debuginfo-8.0.28-150400.4.31.1 * php8-openssl-debuginfo-8.0.28-150400.4.31.1 * php8-xmlwriter-8.0.28-150400.4.31.1 * 
php8-readline-debuginfo-8.0.28-150400.4.31.1 * php8-fileinfo-debuginfo-8.0.28-150400.4.31.1 * php8-sysvshm-8.0.28-150400.4.31.1 * php8-phar-debuginfo-8.0.28-150400.4.31.1 * php8-sockets-8.0.28-150400.4.31.1 * php8-sqlite-debuginfo-8.0.28-150400.4.31.1 * php8-fpm-debugsource-8.0.28-150400.4.31.1 * php8-sqlite-8.0.28-150400.4.31.1 * php8-tokenizer-8.0.28-150400.4.31.1 * php8-dba-debuginfo-8.0.28-150400.4.31.1 * php8-mysql-debuginfo-8.0.28-150400.4.31.1 * php8-debugsource-8.0.28-150400.4.31.1 * php8-cli-8.0.28-150400.4.31.1 * php8-xmlwriter-debuginfo-8.0.28-150400.4.31.1 * php8-zlib-debuginfo-8.0.28-150400.4.31.1 * php8-zlib-8.0.28-150400.4.31.1 * php8-embed-debugsource-8.0.28-150400.4.31.1 * php8-fastcgi-8.0.28-150400.4.31.1 * php8-sysvsem-debuginfo-8.0.28-150400.4.31.1 * php8-zip-debuginfo-8.0.28-150400.4.31.1 * php8-sodium-8.0.28-150400.4.31.1 * php8-fileinfo-8.0.28-150400.4.31.1 * php8-dom-8.0.28-150400.4.31.1 * php8-iconv-debuginfo-8.0.28-150400.4.31.1 * php8-xsl-8.0.28-150400.4.31.1 * php8-fastcgi-debugsource-8.0.28-150400.4.31.1 * php8-dba-8.0.28-150400.4.31.1 * php8-readline-8.0.28-150400.4.31.1 * php8-gmp-8.0.28-150400.4.31.1 * php8-gettext-debuginfo-8.0.28-150400.4.31.1 * php8-opcache-debuginfo-8.0.28-150400.4.31.1 * php8-calendar-debuginfo-8.0.28-150400.4.31.1 * php8-bcmath-8.0.28-150400.4.31.1 * php8-openssl-8.0.28-150400.4.31.1 * php8-cli-debuginfo-8.0.28-150400.4.31.1 * php8-curl-debuginfo-8.0.28-150400.4.31.1 * php8-debuginfo-8.0.28-150400.4.31.1 * php8-odbc-8.0.28-150400.4.31.1 * php8-sysvmsg-8.0.28-150400.4.31.1 * php8-mbstring-debuginfo-8.0.28-150400.4.31.1 * php8-ftp-8.0.28-150400.4.31.1 * php8-soap-debuginfo-8.0.28-150400.4.31.1 * php8-sodium-debuginfo-8.0.28-150400.4.31.1 * php8-exif-debuginfo-8.0.28-150400.4.31.1 * php8-fpm-debuginfo-8.0.28-150400.4.31.1 * php8-gmp-debuginfo-8.0.28-150400.4.31.1 * php8-ctype-debuginfo-8.0.28-150400.4.31.1 * php8-devel-8.0.28-150400.4.31.1 * php8-soap-8.0.28-150400.4.31.1 * php8-ldap-8.0.28-150400.4.31.1 * 
php8-gd-debuginfo-8.0.28-150400.4.31.1 * php8-odbc-debuginfo-8.0.28-150400.4.31.1 * php8-shmop-8.0.28-150400.4.31.1 * php8-shmop-debuginfo-8.0.28-150400.4.31.1 * php8-dom-debuginfo-8.0.28-150400.4.31.1 * php8-enchant-debuginfo-8.0.28-150400.4.31.1 * php8-xmlreader-debuginfo-8.0.28-150400.4.31.1 * php8-sockets-debuginfo-8.0.28-150400.4.31.1 * php8-8.0.28-150400.4.31.1 * php8-xmlreader-8.0.28-150400.4.31.1 * php8-intl-debuginfo-8.0.28-150400.4.31.1 * php8-posix-debuginfo-8.0.28-150400.4.31.1 * php8-mbstring-8.0.28-150400.4.31.1 * php8-embed-debuginfo-8.0.28-150400.4.31.1 * php8-ctype-8.0.28-150400.4.31.1 * php8-pdo-debuginfo-8.0.28-150400.4.31.1 * php8-tidy-8.0.28-150400.4.31.1 * php8-xsl-debuginfo-8.0.28-150400.4.31.1 * php8-mysql-8.0.28-150400.4.31.1 * php8-opcache-8.0.28-150400.4.31.1 * php8-ftp-debuginfo-8.0.28-150400.4.31.1 * apache2-mod_php8-debuginfo-8.0.28-150400.4.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205162 * https://bugzilla.suse.com/show_bug.cgi?id=1208199 From sle-updates at lists.suse.com Tue Apr 18 12:31:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:20 -0000 Subject: SUSE-RU-2023:1890-1: low: Recommended update for yast2-transfer Message-ID: <168182108068.13690.6361184409862082045@smelt2.suse.de> # Recommended update for yast2-transfer Announcement ID: SUSE-RU-2023:1890-1 Rating: low References: * #1208754 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. 
## Description: This update for yast2-transfer fixes the following issue: * Fixed TFTP download, truncate the target when saving to an existing one (bsc#1208754) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1890=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1890=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1890=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * yast2-transfer-debugsource-3.1.4-5.3.2 * yast2-transfer-3.1.4-5.3.2 * yast2-transfer-debuginfo-3.1.4-5.3.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * yast2-transfer-debugsource-3.1.4-5.3.2 * yast2-transfer-3.1.4-5.3.2 * yast2-transfer-debuginfo-3.1.4-5.3.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * yast2-transfer-debugsource-3.1.4-5.3.2 * yast2-transfer-3.1.4-5.3.2 * yast2-transfer-debuginfo-3.1.4-5.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208754 
From sle-updates at lists.suse.com Tue Apr 18 12:31:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:21 -0000 Subject: SUSE-RU-2023:1889-1: moderate: Recommended update for driverctl Message-ID: <168182108163.13690.11160313928504074462@smelt2.suse.de> # Recommended update for driverctl Announcement ID: SUSE-RU-2023:1889-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for driverctl fixes the following issues: * driverctl: add list-persisted command * Fix device driver binding issue after re-enumeration * driverctl: fix list_devices() when `driver_override` is not set * driverctl: fix --help to return success. * improve help text * bash-completion: suggest pci addresses instead of driver. * bash-completion: add support for options. * bash-completion: simplify and autocomplete cmds. * bash-completion: add support for list- commands. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1889=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1889=1 ## Package List: * openSUSE Leap 15.4 (noarch) * driverctl-0.111-150400.3.3.1 * Basesystem Module 15-SP4 (noarch) * driverctl-0.111-150400.3.3.1 
From sle-updates at lists.suse.com Tue Apr 18 12:31:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:24 -0000 Subject: SUSE-RU-2023:1888-1: moderate: Recommended update for dracut Message-ID: <168182108471.13690.8433571646455587591@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:1888-1 Rating: moderate References: * #1208929 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Fix handling of omit_dracutmodules parameter (bsc#1208929) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1888=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1888=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1888=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1888=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1888=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * dracut-debuginfo-044.2-121.1 * dracut-fips-044.2-121.1 * dracut-debugsource-044.2-121.1 * dracut-044.2-121.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * dracut-debuginfo-044.2-121.1 * dracut-fips-044.2-121.1 * dracut-debugsource-044.2-121.1 * dracut-044.2-121.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * dracut-debuginfo-044.2-121.1 * dracut-fips-044.2-121.1 * dracut-debugsource-044.2-121.1 * dracut-044.2-121.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * dracut-debuginfo-044.2-121.1 * dracut-fips-044.2-121.1 * dracut-debugsource-044.2-121.1 * dracut-044.2-121.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-044.2-121.1 * dracut-fips-044.2-121.1 * dracut-debugsource-044.2-121.1 * dracut-044.2-121.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208929 
From sle-updates at lists.suse.com Tue Apr 18 12:31:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:26 -0000 Subject: SUSE-RU-2023:1887-1: moderate: Recommended update for dracut Message-ID: <168182108623.13690.15820685280128537328@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:1887-1 Rating: moderate References: * #1208929 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * fix handling of omit_dracutmodules parameter (bsc#1208929) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1887=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1887=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1887=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * dracut-fips-044.2-150000.18.82.1 * dracut-ima-044.2-150000.18.82.1 * dracut-044.2-150000.18.82.1 * dracut-debuginfo-044.2-150000.18.82.1 * dracut-debugsource-044.2-150000.18.82.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * dracut-fips-044.2-150000.18.82.1 * dracut-ima-044.2-150000.18.82.1 * dracut-044.2-150000.18.82.1 * dracut-debuginfo-044.2-150000.18.82.1 * dracut-debugsource-044.2-150000.18.82.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * dracut-fips-044.2-150000.18.82.1 * dracut-ima-044.2-150000.18.82.1 * dracut-044.2-150000.18.82.1 * dracut-debuginfo-044.2-150000.18.82.1 * dracut-debugsource-044.2-150000.18.82.1 * SUSE CaaS Platform 4.0 (x86_64) * dracut-fips-044.2-150000.18.82.1 * dracut-ima-044.2-150000.18.82.1 * dracut-044.2-150000.18.82.1 * dracut-debuginfo-044.2-150000.18.82.1 * dracut-debugsource-044.2-150000.18.82.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208929 From sle-updates at lists.suse.com Tue Apr 18 12:31:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:34 -0000 Subject: SUSE-RU-2023:1886-1: moderate: Recommended update for dracut Message-ID: <168182109484.13690.3610318361956008726@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:1886-1 Rating: moderate References: * #1204929 * #1208929 Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that has two recommended fixes can now be installed. 
## Description: This update for dracut fixes the following issues: * Update to version 049.1+suse.251.g0b8dad5: * omission updates in conf files (bsc#1208929) * chown using rpc default group (bsc#1204929) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1886=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1886=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1886=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1886=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * dracut-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-fips-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-ima-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-debugsource-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-debuginfo-049.1+suse.251.g0b8dad5-150200.3.66.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-fips-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-debugsource-049.1+suse.251.g0b8dad5-150200.3.66.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-fips-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-debugsource-049.1+suse.251.g0b8dad5-150200.3.66.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dracut-debuginfo-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-fips-049.1+suse.251.g0b8dad5-150200.3.66.1 * dracut-debugsource-049.1+suse.251.g0b8dad5-150200.3.66.1 ## References: * 
https://bugzilla.suse.com/show_bug.cgi?id=1204929 * https://bugzilla.suse.com/show_bug.cgi?id=1208929 From sle-updates at lists.suse.com Tue Apr 18 12:31:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:38 -0000 Subject: SUSE-RU-2023:1885-1: moderate: Recommended update for dracut Message-ID: <168182109853.13690.2189607739395859276@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:1885-1 Rating: moderate References: * #1206195 * #1206439 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.335.gccf7fbc6: * Always include all drivers that LVM can use (bsc#1206195) * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1885=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1885=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1885=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1885=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1885=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1885=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1885=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-extra-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-tools-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-ima-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * 
dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * dracut-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-mkinitrd-deprecated-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debuginfo-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-ima-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-debugsource-055+suse.335.gccf7fbc6-150400.3.19.1 * dracut-fips-055+suse.335.gccf7fbc6-150400.3.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206195 * https://bugzilla.suse.com/show_bug.cgi?id=1206439
From sle-updates at lists.suse.com Tue Apr 18 12:31:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:40 -0000 Subject: SUSE-RU-2023:1884-1: moderate: Recommended update for dracut Message-ID: <168182110001.13690.3305763895462102072@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:1884-1 Rating: moderate References: * #1208929 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * fix handling of omit_dracutmodules parameter (bsc#1208929) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1884=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1884=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1884=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * dracut-debugsource-044.2-124.1 * dracut-044.2-124.1 * dracut-fips-044.2-124.1 * dracut-debuginfo-044.2-124.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * dracut-debugsource-044.2-124.1 * dracut-044.2-124.1 * dracut-fips-044.2-124.1 * dracut-debuginfo-044.2-124.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * dracut-debugsource-044.2-124.1 * dracut-044.2-124.1 * dracut-fips-044.2-124.1 * dracut-debuginfo-044.2-124.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208929
From sle-updates at lists.suse.com Tue Apr 18 12:31:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:43 -0000 Subject: SUSE-RU-2023:1883-1: moderate: Recommended update for s390-tools Message-ID: <168182110310.13690.10991613600583241770@smelt2.suse.de> # Recommended update for s390-tools Announcement ID: SUSE-RU-2023:1883-1 Rating: moderate References: * #1208983 * #1209002 * #1209003 * #1209188 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four recommended fixes can now be installed. ## Description: This update for s390-tools fixes the following issues: * Fixes vmcp buffer evaluation (bsc#1209002) * Adds support for kubernetes data collection (bsc#1209003) * Updated cputype (bsc#1208983) * Changed the script to avoid "/usr/bin/cputype: line xx: nnnn: command not found", when machine type was found more than once in the /proc/cpuinfo. This update is also signed with the new secure boot key from 2023. (bsc#1209188) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1883=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1883=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1883=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1883=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1883=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1883=1 ## Package List: * openSUSE Leap 15.4 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.18.5 * s390-tools-hmcdrvfs-2.19.0-150400.7.18.5 * libkmipclient1-devel-2.19.0-150400.7.18.5 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.18.5 * osasnmpd-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * s390-tools-zdsfs-2.19.0-150400.7.18.5 * osasnmpd-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * libekmfweb1-devel-2.19.0-150400.7.18.5 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.18.5 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * SUSE Linux Enterprise Micro 5.3 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * 
SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * SUSE Linux Enterprise Micro 5.4 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * Basesystem Module 15-SP4 (s390x) * s390-tools-debugsource-2.19.0-150400.7.18.5 * s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.18.5 * s390-tools-hmcdrvfs-2.19.0-150400.7.18.5 * s390-tools-zdsfs-debuginfo-2.19.0-150400.7.18.5 * osasnmpd-2.19.0-150400.7.18.5 * libkmipclient1-debuginfo-2.19.0-150400.7.18.5 * libekmfweb1-debuginfo-2.19.0-150400.7.18.5 * s390-tools-2.19.0-150400.7.18.5 * s390-tools-debuginfo-2.19.0-150400.7.18.5 * s390-tools-zdsfs-2.19.0-150400.7.18.5 * osasnmpd-debuginfo-2.19.0-150400.7.18.5 * libkmipclient1-2.19.0-150400.7.18.5 * libekmfweb1-2.19.0-150400.7.18.5 * libekmfweb1-devel-2.19.0-150400.7.18.5 * s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.18.5 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208983 * https://bugzilla.suse.com/show_bug.cgi?id=1209002 * https://bugzilla.suse.com/show_bug.cgi?id=1209003 * https://bugzilla.suse.com/show_bug.cgi?id=1209188
From sle-updates at lists.suse.com Tue Apr 18 12:31:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:44 -0000 Subject: SUSE-RU-2023:1882-1: moderate: Recommended update for makedumpfile Message-ID: <168182110474.13690.12697854077962216053@smelt2.suse.de> # Recommended update for makedumpfile Announcement ID: SUSE-RU-2023:1882-1 Rating: moderate References: * #1201209 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for makedumpfile fixes the following issues: * Fix memory leak issue in init_xen_crash_info (bsc#1201209) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1882=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1882=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1882=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1882=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1882=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1882=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1882=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * makedumpfile-debugsource-1.7.0-150400.4.3.1 * makedumpfile-1.7.0-150400.4.3.1 * makedumpfile-debuginfo-1.7.0-150400.4.3.1 ## References: * 
https://bugzilla.suse.com/show_bug.cgi?id=1201209 From sle-updates at lists.suse.com Tue Apr 18 12:31:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:46 -0000 Subject: SUSE-RU-2023:1881-1: low: Recommended update for Mesa Message-ID: <168182110633.13690.11373068373959613070@smelt2.suse.de> # Recommended update for Mesa Announcement ID: SUSE-RU-2023:1881-1 Rating: low References: * #1208145 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one recommended fix can now be installed. ## Description: This update for Mesa fixes the following issues: * Fixes black screen in Return To Monkey Island on Intel graphics (bsc#1208145) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1881=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1881=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1881=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1881=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1881=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1881=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1881=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1881=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1881=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * Mesa-libEGL1-21.2.4-150400.68.12.1 * libOSMesa8-debuginfo-21.2.4-150400.68.12.1 * Mesa-21.2.4-150400.68.12.1 * Mesa-debugsource-21.2.4-150400.68.12.1 * Mesa-libGLESv2-devel-21.2.4-150400.68.12.1 * libOSMesa-devel-21.2.4-150400.68.12.1 * Mesa-drivers-debugsource-21.2.4-150400.68.12.1 * Mesa-libGL1-21.2.4-150400.68.12.1 * Mesa-dri-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * Mesa-libglapi0-debuginfo-21.2.4-150400.68.12.1 * Mesa-KHR-devel-21.2.4-150400.68.12.1 * Mesa-libGL1-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-devel-21.2.4-150400.68.12.1 * Mesa-libGLESv1_CM-devel-21.2.4-150400.68.12.1 * Mesa-libglapi-devel-21.2.4-150400.68.12.1 * Mesa-libGL-devel-21.2.4-150400.68.12.1 * Mesa-dri-21.2.4-150400.68.12.1 * Mesa-devel-21.2.4-150400.68.12.1 * Mesa-libEGL1-debuginfo-21.2.4-150400.68.12.1 * libOSMesa8-21.2.4-150400.68.12.1 * 
Mesa-libEGL-devel-21.2.4-150400.68.12.1 * libgbm-devel-21.2.4-150400.68.12.1 * Mesa-libglapi0-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * Mesa-libGLESv3-devel-21.2.4-150400.68.12.1 * openSUSE Leap 15.4 (x86_64) * Mesa-libglapi-devel-32bit-21.2.4-150400.68.12.1 * libgbm1-32bit-21.2.4-150400.68.12.1 * Mesa-dri-32bit-debuginfo-21.2.4-150400.68.12.1 * libvulkan_radeon-32bit-21.2.4-150400.68.12.1 * libXvMC_nouveau-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libEGL-devel-32bit-21.2.4-150400.68.12.1 * libvulkan_intel-32bit-debuginfo-21.2.4-150400.68.12.1 * libvulkan_radeon-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-vulkan-overlay-32bit-21.2.4-150400.68.12.1 * Mesa-libd3d-devel-32bit-21.2.4-150400.68.12.1 * libOSMesa8-32bit-21.2.4-150400.68.12.1 * libXvMC_nouveau-32bit-21.2.4-150400.68.12.1 * Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libGL-devel-32bit-21.2.4-150400.68.12.1 * libXvMC_r600-32bit-21.2.4-150400.68.12.1 * libgbm1-32bit-debuginfo-21.2.4-150400.68.12.1 * libvulkan_intel-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-32bit-21.2.4-150400.68.12.1 * Mesa-libGL1-32bit-21.2.4-150400.68.12.1 * Mesa-vulkan-overlay-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-32bit-21.2.4-150400.68.12.1 * libvdpau_nouveau-32bit-debuginfo-21.2.4-150400.68.12.1 * libvdpau_radeonsi-32bit-21.2.4-150400.68.12.1 * Mesa-libd3d-32bit-21.2.4-150400.68.12.1 * libgbm-devel-32bit-21.2.4-150400.68.12.1 * libvulkan_intel-debuginfo-21.2.4-150400.68.12.1 * Mesa-libGLESv2-devel-32bit-21.2.4-150400.68.12.1 * libvdpau_r300-32bit-21.2.4-150400.68.12.1 * Mesa-libGLESv1_CM-devel-32bit-21.2.4-150400.68.12.1 * libvdpau_r600-32bit-debuginfo-21.2.4-150400.68.12.1 * libXvMC_r600-32bit-debuginfo-21.2.4-150400.68.12.1 * libvdpau_r600-32bit-21.2.4-150400.68.12.1 * Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.12.1 * libOSMesa8-32bit-debuginfo-21.2.4-150400.68.12.1 * 
Mesa-vulkan-device-select-32bit-21.2.4-150400.68.12.1 * libOSMesa-devel-32bit-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-32bit-21.2.4-150400.68.12.1 * Mesa-libd3d-32bit-debuginfo-21.2.4-150400.68.12.1 * libvdpau_radeonsi-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libglapi0-32bit-21.2.4-150400.68.12.1 * libvdpau_nouveau-32bit-21.2.4-150400.68.12.1 * Mesa-vulkan-device-select-32bit-debuginfo-21.2.4-150400.68.12.1 * libvdpau_r300-32bit-debuginfo-21.2.4-150400.68.12.1 * libvulkan_intel-32bit-21.2.4-150400.68.12.1 * Mesa-gallium-32bit-21.2.4-150400.68.12.1 * Mesa-libEGL1-32bit-21.2.4-150400.68.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * libxatracker-devel-1.0.0-150400.68.12.1 * libvdpau_r300-21.2.4-150400.68.12.1 * libvdpau_radeonsi-21.2.4-150400.68.12.1 * Mesa-libOpenCL-21.2.4-150400.68.12.1 * libvdpau_r600-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-21.2.4-150400.68.12.1 * libXvMC_r600-21.2.4-150400.68.12.1 * libvdpau_radeonsi-debuginfo-21.2.4-150400.68.12.1 * libvdpau_r300-debuginfo-21.2.4-150400.68.12.1 * Mesa-libva-21.2.4-150400.68.12.1 * libXvMC_nouveau-debuginfo-21.2.4-150400.68.12.1 * libxatracker2-debuginfo-1.0.0-150400.68.12.1 * libxatracker2-1.0.0-150400.68.12.1 * Mesa-libOpenCL-debuginfo-21.2.4-150400.68.12.1 * libvdpau_r600-21.2.4-150400.68.12.1 * Mesa-libva-debuginfo-21.2.4-150400.68.12.1 * libvdpau_nouveau-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-21.2.4-150400.68.12.1 * libXvMC_r600-debuginfo-21.2.4-150400.68.12.1 * libXvMC_nouveau-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.12.1 * libvdpau_nouveau-debuginfo-21.2.4-150400.68.12.1 * openSUSE Leap 15.4 (aarch64 x86_64) * Mesa-vulkan-overlay-21.2.4-150400.68.12.1 * libvulkan_radeon-debuginfo-21.2.4-150400.68.12.1 * libvulkan_lvp-21.2.4-150400.68.12.1 * Mesa-libd3d-21.2.4-150400.68.12.1 * libvulkan_lvp-debuginfo-21.2.4-150400.68.12.1 * 
Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.12.1 * libvulkan_radeon-21.2.4-150400.68.12.1 * Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.12.1 * Mesa-libVulkan-devel-21.2.4-150400.68.12.1 * Mesa-libd3d-devel-21.2.4-150400.68.12.1 * Mesa-libd3d-debuginfo-21.2.4-150400.68.12.1 * Mesa-vulkan-device-select-21.2.4-150400.68.12.1 * openSUSE Leap 15.4 (aarch64) * Mesa-dri-vc4-21.2.4-150400.68.12.1 * libvulkan_broadcom-21.2.4-150400.68.12.1 * libvulkan_freedreno-21.2.4-150400.68.12.1 * libvulkan_broadcom-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-vc4-debuginfo-21.2.4-150400.68.12.1 * libvulkan_freedreno-debuginfo-21.2.4-150400.68.12.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * Mesa-libEGL1-21.2.4-150400.68.12.1 * libOSMesa8-debuginfo-21.2.4-150400.68.12.1 * Mesa-21.2.4-150400.68.12.1 * Mesa-debugsource-21.2.4-150400.68.12.1 * Mesa-libGLESv2-devel-21.2.4-150400.68.12.1 * libOSMesa-devel-21.2.4-150400.68.12.1 * Mesa-drivers-debugsource-21.2.4-150400.68.12.1 * Mesa-libGL1-21.2.4-150400.68.12.1 * Mesa-dri-debuginfo-21.2.4-150400.68.12.1 * libgbm1-21.2.4-150400.68.12.1 * Mesa-libglapi0-debuginfo-21.2.4-150400.68.12.1 * Mesa-KHR-devel-21.2.4-150400.68.12.1 * Mesa-libGL1-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-devel-21.2.4-150400.68.12.1 * 
Mesa-libGLESv1_CM-devel-21.2.4-150400.68.12.1 * Mesa-libglapi-devel-21.2.4-150400.68.12.1 * Mesa-libGL-devel-21.2.4-150400.68.12.1 * Mesa-dri-21.2.4-150400.68.12.1 * Mesa-devel-21.2.4-150400.68.12.1 * Mesa-libEGL1-debuginfo-21.2.4-150400.68.12.1 * libOSMesa8-21.2.4-150400.68.12.1 * Mesa-libEGL-devel-21.2.4-150400.68.12.1 * libgbm-devel-21.2.4-150400.68.12.1 * Mesa-libglapi0-21.2.4-150400.68.12.1 * libgbm1-debuginfo-21.2.4-150400.68.12.1 * Mesa-libGLESv3-devel-21.2.4-150400.68.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * libxatracker2-debuginfo-1.0.0-150400.68.12.1 * Mesa-gallium-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-21.2.4-150400.68.12.1 * libxatracker2-1.0.0-150400.68.12.1 * libvdpau_r600-21.2.4-150400.68.12.1 * libxatracker-devel-1.0.0-150400.68.12.1 * libvdpau_r300-21.2.4-150400.68.12.1 * Mesa-libva-debuginfo-21.2.4-150400.68.12.1 * libvdpau_r300-debuginfo-21.2.4-150400.68.12.1 * Mesa-libva-21.2.4-150400.68.12.1 * libvdpau_r600-debuginfo-21.2.4-150400.68.12.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * Mesa-vulkan-overlay-21.2.4-150400.68.12.1 * libvulkan_radeon-debuginfo-21.2.4-150400.68.12.1 * libvulkan_radeon-21.2.4-150400.68.12.1 * libvulkan_lvp-debuginfo-21.2.4-150400.68.12.1 * Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.12.1 * Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.12.1 * libvulkan_lvp-21.2.4-150400.68.12.1 * Mesa-vulkan-device-select-21.2.4-150400.68.12.1 * Basesystem Module 15-SP4 (x86_64) * Mesa-dri-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-32bit-21.2.4-150400.68.12.1 * Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.12.1 * libvdpau_radeonsi-21.2.4-150400.68.12.1 * Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.12.1 * libvulkan_intel-21.2.4-150400.68.12.1 * libgbm1-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libGL1-32bit-21.2.4-150400.68.12.1 * libvdpau_radeonsi-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-32bit-21.2.4-150400.68.12.1 * libvulkan_intel-debuginfo-21.2.4-150400.68.12.1 * 
Mesa-libd3d-devel-21.2.4-150400.68.12.1 * Mesa-libVulkan-devel-21.2.4-150400.68.12.1 * Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.12.1 * Mesa-libd3d-debuginfo-21.2.4-150400.68.12.1 * Mesa-32bit-21.2.4-150400.68.12.1 * Mesa-libd3d-21.2.4-150400.68.12.1 * Mesa-libglapi0-32bit-21.2.4-150400.68.12.1 * libgbm1-32bit-21.2.4-150400.68.12.1 * Mesa-libEGL1-32bit-21.2.4-150400.68.12.1 * SUSE Package Hub 15 15-SP4 (x86_64) * Mesa-debugsource-21.2.4-150400.68.12.1 * libOSMesa8-32bit-debuginfo-21.2.4-150400.68.12.1 * libOSMesa8-32bit-21.2.4-150400.68.12.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libXvMC_nouveau-debuginfo-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-21.2.4-150400.68.12.1 * libXvMC_nouveau-21.2.4-150400.68.12.1 * Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.12.1 * Mesa-drivers-debugsource-21.2.4-150400.68.12.1 * libvdpau_nouveau-debuginfo-21.2.4-150400.68.12.1 * libvdpau_nouveau-21.2.4-150400.68.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208145
From sle-updates at lists.suse.com Tue Apr 18 12:31:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 12:31:49 -0000 Subject: SUSE-RU-2023:1880-1: low: Recommended update for systemd-rpm-macros Message-ID: <168182110911.13690.14823272377733485439@smelt2.suse.de> # Recommended update for systemd-rpm-macros Announcement ID: SUSE-RU-2023:1880-1 Rating: low References: * #1208079 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail
Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for systemd-rpm-macros fixes the following issue: * Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1880=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1880=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1880=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1880=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1880=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1880=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1880=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1880=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1880=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1880=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1880=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1880=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1880=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch 
SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1880=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1880=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1880=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1880=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1880=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1880=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1880=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1880=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1880=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1880=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * openSUSE Leap Micro 5.3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * openSUSE Leap 15.4 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * Basesystem Module 15-SP4 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Manager Proxy 4.2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Manager Server 4.2 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Enterprise Storage 7.1 
(noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE Enterprise Storage 7 (noarch) * systemd-rpm-macros-12-150000.7.30.1 * SUSE CaaS Platform 4.0 (noarch) * systemd-rpm-macros-12-150000.7.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208079 From sle-updates at lists.suse.com Tue Apr 18 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Apr 2023 16:30:02 -0000 Subject: SUSE-SU-2023:1901-1: moderate: Security update for helm Message-ID: <168183540279.13287.7659056887469261400@smelt2.suse.de> # Security update for helm Announcement ID: SUSE-SU-2023:1901-1 Rating: moderate References: * #1209670 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that has one fix can now be installed. ## Description: This update for helm fixes the following issues: Update to version 3.11.2: * chore(deps): bump github.com/rubenv/sql-migrate from 1.2.0 to 1.3.1 * the linter varcheck and deadcode are deprecated (since v1.49.0) * fix template --output-dir issue * build against a supported go version: go1.19 (bsc#1209670) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1901=1
* Containers Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1901=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1901=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * helm-3.11.2-150000.1.19.1
  * helm-debuginfo-3.11.2-150000.1.19.1
* openSUSE Leap 15.4 (noarch)
  * helm-zsh-completion-3.11.2-150000.1.19.1
  * helm-bash-completion-3.11.2-150000.1.19.1
  * helm-fish-completion-3.11.2-150000.1.19.1
* Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * helm-3.11.2-150000.1.19.1
  * helm-debuginfo-3.11.2-150000.1.19.1
* Containers Module 15-SP4 (noarch)
  * helm-zsh-completion-3.11.2-150000.1.19.1
  * helm-bash-completion-3.11.2-150000.1.19.1
* SUSE Package Hub 15 15-SP4 (noarch)
  * helm-fish-completion-3.11.2-150000.1.19.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209670

From sle-updates at lists.suse.com Tue Apr 18 16:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Apr 2023 16:30:03 -0000
Subject: SUSE-RU-2023:1900-1: moderate: Recommended update for libdnet
Message-ID: <168183540394.13287.9520310950601968419@smelt2.suse.de>

# Recommended update for libdnet

Announcement ID: SUSE-RU-2023:1900-1
Rating: moderate
References:
Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that can now be installed.
## Description:

This update for libdnet fixes the following issues:

* update to 1.16.3: IPv6 support fixed some potential buffer overflows

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1900=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1900=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libdnet1-debuginfo-1.16.3-150400.3.3.1
  * libdnet1-1.16.3-150400.3.3.1
  * libdnet-debugsource-1.16.3-150400.3.3.1
  * libdnet-devel-1.16.3-150400.3.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libdnet1-debuginfo-1.16.3-150400.3.3.1
  * libdnet1-1.16.3-150400.3.3.1
  * libdnet-debugsource-1.16.3-150400.3.3.1
  * libdnet-devel-1.16.3-150400.3.3.1

From sle-updates at lists.suse.com Wed Apr 19 05:08:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 05:08:54 -0000
Subject: SUSE-RU-2023:1806-1: important: Recommended update for timezone
Message-ID: <168188093422.27507.13574665446953020932@smelt2.suse.de>

# Recommended update for timezone

Announcement ID: SUSE-RU-2023:1806-1
Rating: important
References:
Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that can now be installed.

## Description:

This update for timezone fixes the following issues:

* Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1806=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1806=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1806=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1806=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1806=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1806=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1806=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1806=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1806=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * timezone-debugsource-2023c-74.74.1 * timezone-debuginfo-2023c-74.74.1 * timezone-2023c-74.74.1 * SUSE OpenStack Cloud 9 (noarch) * timezone-java-2023c-74.74.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * timezone-debugsource-2023c-74.74.1 * timezone-debuginfo-2023c-74.74.1 * timezone-2023c-74.74.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * timezone-java-2023c-74.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * timezone-debugsource-2023c-74.74.1 * timezone-debuginfo-2023c-74.74.1 * timezone-2023c-74.74.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * timezone-java-2023c-74.74.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * timezone-debugsource-2023c-74.74.1 * timezone-debuginfo-2023c-74.74.1 * timezone-2023c-74.74.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * timezone-java-2023c-74.74.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * 
timezone-debugsource-2023c-74.74.1
  * timezone-debuginfo-2023c-74.74.1
  * timezone-2023c-74.74.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
  * timezone-java-2023c-74.74.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * timezone-debugsource-2023c-74.74.1
  * timezone-debuginfo-2023c-74.74.1
  * timezone-2023c-74.74.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
  * timezone-java-2023c-74.74.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * timezone-debugsource-2023c-74.74.1
  * timezone-debuginfo-2023c-74.74.1
  * timezone-2023c-74.74.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * timezone-java-2023c-74.74.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * timezone-debugsource-2023c-74.74.1
  * timezone-debuginfo-2023c-74.74.1
  * timezone-2023c-74.74.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * timezone-java-2023c-74.74.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * timezone-debugsource-2023c-74.74.1
  * timezone-debuginfo-2023c-74.74.1
  * timezone-2023c-74.74.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * timezone-java-2023c-74.74.1

From sle-updates at lists.suse.com Wed Apr 19 05:08:55 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 05:08:55 -0000
Subject: SUSE-RU-2023:1805-1: important: Recommended update for timezone
Message-ID: <168188093543.27507.6184598550254435681@smelt2.suse.de>

# Recommended update for timezone

Announcement ID: SUSE-RU-2023:1805-1
Rating: important
References:
Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for
SAP Applications 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3

An update that can now be installed.

## Description:

This update for timezone fixes the following issues:

* Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1805=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1805=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1805=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1805=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1805=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1805=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1805=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1805=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1805=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1805=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1805=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1805=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1805=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1805=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1805=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1805=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1805=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1805=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1805=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1805=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1805=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1805=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1805=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1805=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1805=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1805=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * openSUSE Leap 15.4 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * Basesystem Module 15-SP4 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux 
Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server 
15 SP3 LTSS 15-SP3 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Manager Proxy 4.2 (x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Manager Proxy 4.2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Manager Server 4.2 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * timezone-debuginfo-2023c-150000.75.23.1 * timezone-2023c-150000.75.23.1 * timezone-debugsource-2023c-150000.75.23.1 * SUSE Enterprise Storage 7.1 (noarch) * timezone-java-2023c-150000.75.23.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * 
timezone-debuginfo-2023c-150000.75.23.1
  * timezone-2023c-150000.75.23.1
  * timezone-debugsource-2023c-150000.75.23.1
* SUSE Enterprise Storage 7 (noarch)
  * timezone-java-2023c-150000.75.23.1
* SUSE CaaS Platform 4.0 (x86_64)
  * timezone-debuginfo-2023c-150000.75.23.1
  * timezone-2023c-150000.75.23.1
  * timezone-debugsource-2023c-150000.75.23.1
* SUSE CaaS Platform 4.0 (noarch)
  * timezone-java-2023c-150000.75.23.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * timezone-debuginfo-2023c-150000.75.23.1
  * timezone-2023c-150000.75.23.1
  * timezone-debugsource-2023c-150000.75.23.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * timezone-debuginfo-2023c-150000.75.23.1
  * timezone-2023c-150000.75.23.1
  * timezone-debugsource-2023c-150000.75.23.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * timezone-debuginfo-2023c-150000.75.23.1
  * timezone-2023c-150000.75.23.1
  * timezone-debugsource-2023c-150000.75.23.1

From sle-updates at lists.suse.com Wed Apr 19 07:05:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 09:05:52 +0200 (CEST)
Subject: SUSE-CU-2023:1176-1: Security update of bci/nodejs
Message-ID: <20230419070552.31282F36F@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1176-1
Container Tags        : bci/node:14 , bci/node:14-37.33 , bci/nodejs:14 , bci/nodejs:14-37.33
Container Release     : 37.33
Severity              : important
Type                  : security
References            : 1208744 CVE-2022-25881
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1875-1
Released:    Tue Apr 18 09:36:11 2023
Summary:     Security update for nodejs14
Type:        security
Severity:    important
References:  1208744,CVE-2022-25881

This update for nodejs14 fixes the following issues:

- CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744).

The following package changes have been done:

- nodejs14-14.21.3-150200.15.46.1 updated
- npm14-14.21.3-150200.15.46.1 updated

From sle-updates at lists.suse.com Wed Apr 19 07:05:57 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 09:05:57 +0200 (CEST)
Subject: SUSE-CU-2023:1177-1: Recommended update of bci/php-apache
Message-ID: <20230419070557.ECD3DF36F@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1177-1
Container Tags        : bci/php-apache:8 , bci/php-apache:8-2.29
Container Release     : 2.29
Severity              : moderate
Type                  : recommended
References            : 1205162 1208199
-----------------------------------------------------------------

The container bci/php-apache was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1891-1
Released:    Tue Apr 18 11:28:04 2023
Summary:     Recommended update for php8
Type:        recommended
Severity:    moderate
References:  1205162,1208199

This update for php8 fixes the following issues:

- ensure extension=mysqlnd will be called before extension=mysqli (bsc#1205162)
- fix potential buffer overflow (bsc#1208199)

The following package changes have been done:

- php8-cli-8.0.28-150400.4.31.1 updated
- php8-8.0.28-150400.4.31.1 updated
- apache2-mod_php8-8.0.28-150400.4.31.1 updated
- php8-openssl-8.0.28-150400.4.31.1 updated
- php8-mbstring-8.0.28-150400.4.31.1 updated
- php8-zlib-8.0.28-150400.4.31.1 updated
- php8-zip-8.0.28-150400.4.31.1 updated
- php8-curl-8.0.28-150400.4.31.1 updated
- php8-phar-8.0.28-150400.4.31.1 updated

From sle-updates at lists.suse.com Wed Apr 19 07:06:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 09:06:03 +0200 (CEST)
Subject: SUSE-CU-2023:1178-1: Recommended update of bci/php-fpm
Message-ID: <20230419070603.41723F36F@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1178-1
Container Tags        : bci/php-fpm:8 , bci/php-fpm:8-2.28
Container Release     : 2.28
Severity              : moderate
Type                  : recommended
References            : 1205162 1208199
-----------------------------------------------------------------

The container bci/php-fpm was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1891-1
Released:    Tue Apr 18 11:28:04 2023
Summary:     Recommended update for php8
Type:        recommended
Severity:    moderate
References:  1205162,1208199

This update for php8 fixes the following issues:

- ensure extension=mysqlnd will be called before extension=mysqli (bsc#1205162)
- fix potential buffer overflow (bsc#1208199)

The following package changes have been done:

- php8-cli-8.0.28-150400.4.31.1 updated
- php8-8.0.28-150400.4.31.1 updated
- php8-fpm-8.0.28-150400.4.31.1 updated
- php8-openssl-8.0.28-150400.4.31.1 updated
- php8-mbstring-8.0.28-150400.4.31.1 updated
- php8-zlib-8.0.28-150400.4.31.1 updated
- php8-zip-8.0.28-150400.4.31.1 updated
- php8-curl-8.0.28-150400.4.31.1 updated
- php8-phar-8.0.28-150400.4.31.1 updated

From sle-updates at lists.suse.com Wed Apr 19 07:06:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 09:06:08 +0200 (CEST)
Subject: SUSE-CU-2023:1179-1: Recommended update of bci/php
Message-ID: <20230419070608.D3778F36F@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1179-1
Container Tags        : bci/php:8 , bci/php:8-2.28
Container Release     : 2.28
Severity              : moderate
Type                  : recommended
References            : 1205162 1208199
-----------------------------------------------------------------

The container bci/php was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1891-1
Released:    Tue Apr 18 11:28:04 2023
Summary:     Recommended update for php8
Type:        recommended
Severity:    moderate
References:  1205162,1208199

This update for php8 fixes the following issues:

- ensure extension=mysqlnd will be called before extension=mysqli (bsc#1205162)
- fix potential buffer overflow (bsc#1208199)

The following package changes have been done:

- php8-cli-8.0.28-150400.4.31.1 updated
- php8-8.0.28-150400.4.31.1 updated
- php8-openssl-8.0.28-150400.4.31.1 updated
- php8-mbstring-8.0.28-150400.4.31.1 updated
- php8-zlib-8.0.28-150400.4.31.1 updated
- php8-curl-8.0.28-150400.4.31.1 updated
- php8-zip-8.0.28-150400.4.31.1 updated
- php8-phar-8.0.28-150400.4.31.1 updated

From sle-updates at lists.suse.com Wed Apr 19 08:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 08:30:03 -0000
Subject: SUSE-SU-2023:1908-1: moderate: Security update for openssl-1_1
Message-ID: <168189300378.14509.11219128132685478456@smelt2.suse.de>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:1908-1
Rating: moderate
References:

* #1209873
* #1209878

Cross-References:

* CVE-2023-0465
* CVE-2023-0466

CVSS scores:

* CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878).
* CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1908=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1908=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1908=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.0i-150100.14.48.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.48.1 * libopenssl1_1-hmac-1.1.0i-150100.14.48.1 * openssl-1_1-1.1.0i-150100.14.48.1 * libopenssl1_1-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-1.1.0i-150100.14.48.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.48.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.48.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.0i-150100.14.48.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.48.1 * libopenssl1_1-hmac-1.1.0i-150100.14.48.1 * openssl-1_1-1.1.0i-150100.14.48.1 * libopenssl1_1-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-1.1.0i-150100.14.48.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.48.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_1-debugsource-1.1.0i-150100.14.48.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.48.1 * libopenssl1_1-hmac-1.1.0i-150100.14.48.1 * openssl-1_1-1.1.0i-150100.14.48.1 * libopenssl1_1-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-1.1.0i-150100.14.48.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-1.1.0i-150100.14.48.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.48.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.48.1 * SUSE CaaS Platform 4.0 
(x86_64)
  * openssl-1_1-debugsource-1.1.0i-150100.14.48.1
  * openssl-1_1-debuginfo-1.1.0i-150100.14.48.1
  * libopenssl1_1-hmac-1.1.0i-150100.14.48.1
  * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.48.1
  * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.48.1
  * openssl-1_1-1.1.0i-150100.14.48.1
  * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.48.1
  * libopenssl1_1-32bit-1.1.0i-150100.14.48.1
  * libopenssl1_1-1.1.0i-150100.14.48.1
  * libopenssl-1_1-devel-1.1.0i-150100.14.48.1
  * libopenssl1_1-debuginfo-1.1.0i-150100.14.48.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0465.html
* https://www.suse.com/security/cve/CVE-2023-0466.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209873
* https://bugzilla.suse.com/show_bug.cgi?id=1209878

From sle-updates at lists.suse.com Wed Apr 19 08:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 08:30:05 -0000
Subject: SUSE-SU-2023:1907-1: moderate: Security update for openssl
Message-ID: <168189300547.14509.11352042939871038737@smelt2.suse.de>

# Security update for openssl

Announcement ID: SUSE-SU-2023:1907-1
Rating: moderate
References:

* #1209873
* #1209878

Cross-References:

* CVE-2023-0465
* CVE-2023-0466

CVSS scores:

* CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2

An update that solves two vulnerabilities can now be installed.
## Description:

This update for openssl fixes the following issues:

* CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
* CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1907=1

## Package List:

* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.92.1
  * openssl-debugsource-1.0.2j-60.92.1
  * libopenssl-devel-1.0.2j-60.92.1
  * libopenssl1_0_0-1.0.2j-60.92.1
  * libopenssl1_0_0-debuginfo-1.0.2j-60.92.1
  * libopenssl1_0_0-32bit-1.0.2j-60.92.1
  * libopenssl1_0_0-hmac-32bit-1.0.2j-60.92.1
  * libopenssl1_0_0-hmac-1.0.2j-60.92.1
  * openssl-1.0.2j-60.92.1
  * openssl-debuginfo-1.0.2j-60.92.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  * openssl-doc-1.0.2j-60.92.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0465.html
* https://www.suse.com/security/cve/CVE-2023-0466.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209873
* https://bugzilla.suse.com/show_bug.cgi?id=1209878
From sle-updates at lists.suse.com Wed Apr 19 08:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 08:30:07 -0000
Subject: SUSE-RU-2023:1906-1: important: Recommended update for star
Message-ID: <168189300702.14509.9853241060445840499@smelt2.suse.de>

# Recommended update for star

Announcement ID: SUSE-RU-2023:1906-1
Rating: important
References:

* #1208625

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that has one recommended fix can now be installed.

## Description:

This update for star fixes the following issues:

* Fix memory access violation with `pax` command (bsc#1208625)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1906=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1906=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1906=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * star-debugsource-1.5final-72.6.1
  * star-1.5final-72.6.1
  * star-debuginfo-1.5final-72.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * star-debugsource-1.5final-72.6.1
  * star-1.5final-72.6.1
  * star-debuginfo-1.5final-72.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * star-debugsource-1.5final-72.6.1
  * star-1.5final-72.6.1
  * star-debuginfo-1.5final-72.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208625
From sle-updates at lists.suse.com Wed Apr 19 08:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 08:30:08 -0000
Subject: SUSE-RU-2023:1905-1: important: Recommended update for busybox
Message-ID: <168189300873.14509.193413692596849572@smelt2.suse.de>

# Recommended update for busybox

Announcement ID: SUSE-RU-2023:1905-1
Rating: important
References:

* #1209348

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that has one recommended fix can now be installed.

## Description:

This update for busybox fixes the following issues:

* Re-enable configuration options for the following commands (bsc#1209348):
  * ftpget
  * ftpput
  * getty
  * halt
  * hwclock
  * init
  * linuxrc
  * makedevs
  * poweroff
  * reboot
  * telnetd

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1905=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1905=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1905=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1905=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1905=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1905=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1905=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1905=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1905=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * busybox-1.35.0-4.9.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * busybox-1.35.0-4.9.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * busybox-1.35.0-4.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1209348
URL: From sle-updates at lists.suse.com Wed Apr 19 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 08:30:11 -0000 Subject: SUSE-SU-2023:1904-1: important: Security update for grafana Message-ID: <168189301153.14509.8011783995966254249@smelt2.suse.de> # Security update for grafana Announcement ID: SUSE-SU-2023:1904-1 Rating: important References: * #1208819 * #1208821 * #1209645 Cross-References: * CVE-2023-0507 * CVE-2023-0594 * CVE-2023-1410 CVSS scores: * CVE-2023-0507 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0507 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves three vulnerabilities can now be installed. 
## Description:

This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues:

* Security issues fixed:
  * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
  * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
  * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)
* The following non-security bug was fixed:
  * Login: Fix panic when UpsertUser is called without ReqContext

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1904=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1904=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-8.5.22-150200.3.38.1
  * grafana-8.5.22-150200.3.38.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * grafana-debuginfo-8.5.22-150200.3.38.1
  * grafana-8.5.22-150200.3.38.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0507.html
* https://www.suse.com/security/cve/CVE-2023-0594.html
* https://www.suse.com/security/cve/CVE-2023-1410.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208819
* https://bugzilla.suse.com/show_bug.cgi?id=1208821
* https://bugzilla.suse.com/show_bug.cgi?id=1209645
URL: From sle-updates at lists.suse.com Wed Apr 19 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 08:30:13 -0000 Subject: SUSE-SU-2023:1903-1: important: Security update for SUSE Manager Client Tools Message-ID: <168189301351.14509.498854854841035306@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:1903-1 Rating: important References: * #1208819 * #1208821 * #1209645 Cross-References: * CVE-2023-0507 * CVE-2023-0594 * CVE-2023-1410 CVSS scores: * CVE-2023-0507 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0507 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux 
Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 An update that solves three vulnerabilities can now be installed. ## Description: This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: * Security issues fixed: * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645) * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821) * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819) * The following non-security bug was fixed: * Login: Fix panic when UpsertUser is called without ReqContext ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-1903=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-8.5.22-150000.1.45.1 * grafana-8.5.22-150000.1.45.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0507.html * https://www.suse.com/security/cve/CVE-2023-0594.html * https://www.suse.com/security/cve/CVE-2023-1410.html * https://bugzilla.suse.com/show_bug.cgi?id=1208819 * https://bugzilla.suse.com/show_bug.cgi?id=1208821 * https://bugzilla.suse.com/show_bug.cgi?id=1209645 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Apr 19 08:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 08:30:15 -0000 Subject: SUSE-SU-2023:1902-1: important: Security update for SUSE Manager Client Tools Message-ID: <168189301545.14509.3557906518762145726@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:1902-1 Rating: important References: * #1208819 * #1208821 * #1209645 Cross-References: * CVE-2023-0507 * CVE-2023-0594 * CVE-2023-1410 CVSS scores: * CVE-2023-0507 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0507 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-0594 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP 
Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves three vulnerabilities can now be installed. ## Description: This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: * Security issues fixed: * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645) * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821) * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819) * The following non-security bug was fixed: * Login: Fix panic when UpsertUser is called without ReqContext ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-1902=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * grafana-8.5.22-1.45.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0507.html * https://www.suse.com/security/cve/CVE-2023-0594.html * https://www.suse.com/security/cve/CVE-2023-1410.html * https://bugzilla.suse.com/show_bug.cgi?id=1208819 * https://bugzilla.suse.com/show_bug.cgi?id=1208821 * https://bugzilla.suse.com/show_bug.cgi?id=1209645 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Apr 19 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:1912-1: moderate: Security update for compat-openssl098 Message-ID: <168190740253.18323.6685542612380470562@smelt2.suse.de> # Security update for compat-openssl098 Announcement ID: SUSE-SU-2023:1912-1 Rating: moderate References: * #1209878 Cross-References: * CVE-2023-0465 CVSS scores: * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for compat-openssl098 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* Legacy Module 12
  zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-1912=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1912=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-1912=1

## Package List:

* Legacy Module 12 (s390x x86_64)
  * libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.48.1
  * libopenssl0_9_8-0.9.8j-106.48.1
  * compat-openssl098-debugsource-0.9.8j-106.48.1
  * libopenssl0_9_8-32bit-0.9.8j-106.48.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.48.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * libopenssl0_9_8-0.9.8j-106.48.1
  * compat-openssl098-debugsource-0.9.8j-106.48.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.48.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libopenssl0_9_8-0.9.8j-106.48.1
  * compat-openssl098-debugsource-0.9.8j-106.48.1
  * libopenssl0_9_8-debuginfo-0.9.8j-106.48.1

## References:

* https://www.suse.com/security/cve/CVE-2023-0465.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209878
From sle-updates at lists.suse.com Wed Apr 19 12:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 12:30:05 -0000
Subject: SUSE-SU-2023:1911-1: moderate: Security update for openssl-1_1
Message-ID: <168190740534.18323.9406796556980259417@smelt2.suse.de>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2023:1911-1
Rating: moderate
References:

* #1209873
* #1209878

Cross-References:

* CVE-2023-0465
* CVE-2023-0466

CVSS scores:

* CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
* CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
* CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1911=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1911=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1911=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1911=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1911=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1911=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1911=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.34.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-32bit-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.34.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.34.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * 
openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.34.1 * openssl-1_1-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-1.1.1l-150400.7.34.1 * libopenssl-1_1-devel-1.1.1l-150400.7.34.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-1.1.1l-150400.7.34.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.34.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.34.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.34.1 * libopenssl1_1-32bit-1.1.1l-150400.7.34.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0465.html * https://www.suse.com/security/cve/CVE-2023-0466.html * https://bugzilla.suse.com/show_bug.cgi?id=1209873 * https://bugzilla.suse.com/show_bug.cgi?id=1209878 -------------- next part -------------- An HTML attachment was 
scrubbed... URL: From sle-updates at lists.suse.com Wed Apr 19 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 12:30:07 -0000 Subject: SUSE-SU-2023:1910-1: moderate: Security update for glib2 Message-ID: <168190740725.18323.9469841156469548714@smelt2.suse.de> # Security update for glib2 Announcement ID: SUSE-SU-2023:1910-1 Rating: moderate References: * #1209713 * #1209714 Cross-References: * CVE-2023-24593 * CVE-2023-25180 CVSS scores: * CVE-2023-24593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25180 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). * CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1910=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1910=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1910=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1910=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1910=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * glib2-debugsource-2.48.2-12.31.1 * libgio-fam-debuginfo-2.48.2-12.31.1 * glib2-devel-debuginfo-2.48.2-12.31.1 * glib2-devel-static-2.48.2-12.31.1 * libgio-fam-2.48.2-12.31.1 * glib2-devel-2.48.2-12.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgthread-2_0-0-2.48.2-12.31.1 * glib2-debugsource-2.48.2-12.31.1 * glib2-tools-2.48.2-12.31.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-2.48.2-12.31.1 * libgio-2_0-0-2.48.2-12.31.1 * libgmodule-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-2.48.2-12.31.1 * glib2-tools-debuginfo-2.48.2-12.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * glib2-lang-2.48.2-12.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libglib-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgmodule-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-32bit-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * 
libgthread-2_0-0-32bit-2.48.2-12.31.1 * libglib-2_0-0-32bit-2.48.2-12.31.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgthread-2_0-0-2.48.2-12.31.1 * glib2-debugsource-2.48.2-12.31.1 * glib2-tools-2.48.2-12.31.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-2.48.2-12.31.1 * libgio-2_0-0-2.48.2-12.31.1 * libgmodule-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-2.48.2-12.31.1 * glib2-tools-debuginfo-2.48.2-12.31.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * glib2-lang-2.48.2-12.31.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libglib-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgmodule-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-32bit-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgthread-2_0-0-32bit-2.48.2-12.31.1 * libglib-2_0-0-32bit-2.48.2-12.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgthread-2_0-0-2.48.2-12.31.1 * glib2-debugsource-2.48.2-12.31.1 * glib2-tools-2.48.2-12.31.1 * libgmodule-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-debuginfo-2.48.2-12.31.1 * libglib-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-2.48.2-12.31.1 * libgio-2_0-0-2.48.2-12.31.1 * libgmodule-2_0-0-2.48.2-12.31.1 * libgobject-2_0-0-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-2.48.2-12.31.1 * glib2-tools-debuginfo-2.48.2-12.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * glib2-lang-2.48.2-12.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libglib-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * 
libgmodule-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgmodule-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-32bit-2.48.2-12.31.1 * libgobject-2_0-0-32bit-2.48.2-12.31.1 * libgthread-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgio-2_0-0-debuginfo-32bit-2.48.2-12.31.1 * libgthread-2_0-0-32bit-2.48.2-12.31.1 * libglib-2_0-0-32bit-2.48.2-12.31.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libgio-fam-2.48.2-12.31.1 * glib2-debugsource-2.48.2-12.31.1 * libgio-fam-debuginfo-2.48.2-12.31.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24593.html * https://www.suse.com/security/cve/CVE-2023-25180.html * https://bugzilla.suse.com/show_bug.cgi?id=1209713 * https://bugzilla.suse.com/show_bug.cgi?id=1209714 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Apr 19 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Apr 2023 12:30:08 -0000 Subject: SUSE-SU-2023:1909-1: moderate: Security update for libgit2 Message-ID: <168190740887.18323.5961412033172645091@smelt2.suse.de> # Security update for libgit2 Announcement ID: SUSE-SU-2023:1909-1 Rating: moderate References: * #1207364 Cross-References: * CVE-2023-22742 CVSS scores: * CVE-2023-22742 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-22742 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libgit2 fixes the following issues: * CVE-2023-22742: Fixed SSH keys verification failure (bsc#1207364). 
## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1909=1
  * SUSE Manager Server 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1909=1
  * SUSE Manager Server 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-1909=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1909=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libgit2-28-debuginfo-0.28.4-150200.3.6.1
    * libgit2-28-0.28.4-150200.3.6.1
  * openSUSE Leap 15.4 (x86_64)
    * libgit2-28-32bit-debuginfo-0.28.4-150200.3.6.1
    * libgit2-28-32bit-0.28.4-150200.3.6.1
  * SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
    * libgit2-debugsource-0.28.4-150200.3.6.1
    * libgit2-28-debuginfo-0.28.4-150200.3.6.1
    * libgit2-28-0.28.4-150200.3.6.1
  * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
    * libgit2-debugsource-0.28.4-150200.3.6.1
    * libgit2-28-debuginfo-0.28.4-150200.3.6.1
    * libgit2-28-0.28.4-150200.3.6.1
  * SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
    * libgit2-debugsource-0.28.4-150200.3.6.1
    * libgit2-28-debuginfo-0.28.4-150200.3.6.1
    * libgit2-28-0.28.4-150200.3.6.1
    * libgit2-devel-0.28.4-150200.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-22742.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207364
From sle-updates at lists.suse.com Wed Apr 19 16:30:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 16:30:01 -0000
Subject: SUSE-RU-2023:1920-1: moderate: Recommended update for hwdata
Message-ID: <168192180133.13098.10176769443688353475@smelt2.suse.de>

# Recommended update for hwdata

Announcement ID: SUSE-RU-2023:1920-1
Rating: moderate
References:

Affected Products:
  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * openSUSE Leap Micro 5.3
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise Desktop 15
  * SUSE Linux Enterprise Desktop 15 SP1
  * SUSE Linux Enterprise Desktop 15 SP2
  * SUSE Linux Enterprise Desktop 15 SP3
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP1
  * SUSE Linux Enterprise Real Time 15 SP2
  * SUSE Linux Enterprise Real Time 15 SP3
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Client Tools for SLE 15
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.2 Module 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Proxy 4.3 Module 4.3
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.2 Module 4.2
  * SUSE Manager Server 4.3
  * SUSE Manager Server 4.3 Module 4.3

An update that can now be installed.

## Description:

This update for hwdata fixes the following issues:

  * Update pci, usb and vendor ids

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1920=1
  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1920=1
  * SUSE Manager Client Tools for SLE 15
    zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-1920=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1920=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1920=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1920=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1920=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1920=1
  * SUSE Manager Proxy 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-1920=1
  * SUSE Manager Proxy 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-1920=1
  * SUSE Manager Server 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-1920=1
  * SUSE Manager Server 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-1920=1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1920=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1920=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1920=1
  * SUSE Linux Enterprise Real Time 15 SP3
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1920=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1920=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1920=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1920=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1920=1
  * SUSE Manager Proxy 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1920=1
  * SUSE Manager Retail Branch Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1920=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1920=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-1920=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-1920=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1920=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1920=1

## Package List:

  * openSUSE Leap Micro 5.3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * openSUSE Leap 15.4 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Client Tools for SLE 15 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro 5.3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * hwdata-0.368-150000.3.57.1
  * Basesystem Module 15-SP4 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Proxy 4.3 Module 4.3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Server 4.2 Module 4.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Server 4.3 Module 4.3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Real Time 15 SP3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Proxy 4.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Retail Branch Server 4.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Manager Server 4.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Enterprise Storage 7.1 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Enterprise Storage 7 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro 5.2 (noarch)
    * hwdata-0.368-150000.3.57.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
    * hwdata-0.368-150000.3.57.1
From sle-updates at lists.suse.com Wed Apr 19 20:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 20:30:02 -0000
Subject: SUSE-SU-2023:1922-1: moderate: Security update for openssl-1_0_0
Message-ID: <168193620211.5698.17789220990209024839@smelt2.suse.de>

# Security update for openssl-1_0_0

Announcement ID: SUSE-SU-2023:1922-1
Rating: moderate
References:
  * #1209873
  * #1209878

Cross-References:
  * CVE-2023-0465
  * CVE-2023-0466

CVSS scores:
  * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
  * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  * CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
  * CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
  * Legacy Module 15-SP4
  * openSUSE Leap 15.4
  * SUSE CaaS Platform 4.0
  * SUSE Enterprise Storage 7
  * SUSE Enterprise Storage 7.1
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities can now be installed.
## Description:

This update for openssl-1_0_0 fixes the following issues:

  * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
  * CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1922=1
  * Legacy Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-1922=1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1922=1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1922=1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1922=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1922=1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1922=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1922=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1922=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1922=1
  * SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2023-1922=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-1922=1
  * SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-steam-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * openssl-1_0_0-cavs-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-hmac-1.0.2p-150000.3.73.1
  * openSUSE Leap 15.4 (x86_64)
    * libopenssl1_0_0-32bit-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.73.1
  * openSUSE Leap 15.4 (noarch)
    * openssl-1_0_0-doc-1.0.2p-150000.3.73.1
  * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-hmac-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Enterprise Storage 7.1 (aarch64 x86_64)
    * libopenssl10-debuginfo-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * libopenssl10-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE Enterprise Storage 7 (aarch64 x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1
  * SUSE CaaS Platform 4.0 (x86_64)
    * openssl-1_0_0-debuginfo-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-1.0.2p-150000.3.73.1
    * openssl-1_0_0-debugsource-1.0.2p-150000.3.73.1
    * libopenssl-1_0_0-devel-1.0.2p-150000.3.73.1
    * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.73.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0465.html
  * https://www.suse.com/security/cve/CVE-2023-0466.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209873
  * https://bugzilla.suse.com/show_bug.cgi?id=1209878
From sle-updates at lists.suse.com Wed Apr 19 20:30:04 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 19 Apr 2023 20:30:04 -0000
Subject: SUSE-SU-2023:1921-1: important: Security update for ovmf
Message-ID: <168193620423.5698.13849045391410072919@smelt2.suse.de>

# Security update for ovmf

Announcement ID: SUSE-SU-2023:1921-1
Rating: important
References:
  * #1174246
  * #1196741

Cross-References:
  * CVE-2019-14560
  * CVE-2021-38578

CVSS scores:
  * CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
  * CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
  * CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  * SUSE Enterprise Storage 7
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ovmf fixes the following issues:

  * CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
  * CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1921=1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1921=1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1921=1
  * SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2023-1921=1

## Package List:

  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * ovmf-201911-150200.7.27.1
    * ovmf-tools-201911-150200.7.27.1
  * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    * qemu-uefi-aarch64-201911-150200.7.27.1
    * qemu-ovmf-x86_64-201911-150200.7.27.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
    * ovmf-201911-150200.7.27.1
    * ovmf-tools-201911-150200.7.27.1
  * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    * qemu-uefi-aarch64-201911-150200.7.27.1
    * qemu-ovmf-x86_64-201911-150200.7.27.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
    * ovmf-201911-150200.7.27.1
    * ovmf-tools-201911-150200.7.27.1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    * qemu-ovmf-x86_64-201911-150200.7.27.1
  * SUSE Enterprise Storage 7 (aarch64 x86_64)
    * ovmf-201911-150200.7.27.1
    * ovmf-tools-201911-150200.7.27.1
  * SUSE Enterprise Storage 7 (noarch)
    * qemu-uefi-aarch64-201911-150200.7.27.1
    * qemu-ovmf-x86_64-201911-150200.7.27.1

## References:

  * https://www.suse.com/security/cve/CVE-2019-14560.html
  * https://www.suse.com/security/cve/CVE-2021-38578.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1174246
  * https://bugzilla.suse.com/show_bug.cgi?id=1196741
From sle-updates at lists.suse.com Thu Apr 20 07:04:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:04:18 +0200 (CEST)
Subject: SUSE-CU-2023:1183-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20230420070418.0FA80F36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1183-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.111 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.111
Severity : low
Type : recommended
References : 1208079
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079

This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
The following package changes have been done:

- systemd-rpm-macros-12-150000.7.30.1 updated

From sle-updates at lists.suse.com Thu Apr 20 07:04:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:04:42 +0200 (CEST)
Subject: SUSE-CU-2023:1185-1: Recommended update of suse/sle-micro/5.4/toolbox
Message-ID: <20230420070442.B4560F36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1185-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.8 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.8
Severity : low
Type : recommended
References : 1208079
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079

This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
The following package changes have been done:

- systemd-rpm-macros-12-150000.7.30.1 updated

From sle-updates at lists.suse.com Thu Apr 20 07:07:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:07:47 +0200 (CEST)
Subject: SUSE-CU-2023:1186-1: Security update of suse/sles12sp4
Message-ID: <20230420070748.004D8F36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1186-1
Container Tags : suse/sles12sp4:26.591 , suse/sles12sp4:latest
Container Release : 26.591
Severity : moderate
Type : security
References : 1209873 1209878 CVE-2023-0465 CVE-2023-0466
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1914-1
Released: Wed Apr 19 14:24:23 2023
Summary: Security update for openssl-1_0_0
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_0_0 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873).
The following package changes have been done:

- base-container-licenses-3.0-1.343 updated
- container-suseconnect-2.0.0-1.226 updated
- libopenssl1_0_0-1.0.2p-3.72.1 updated
- openssl-1_0_0-1.0.2p-3.72.1 updated

From sle-updates at lists.suse.com Thu Apr 20 07:10:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:10:03 +0200 (CEST)
Subject: SUSE-CU-2023:1187-1: Security update of suse/sles12sp5
Message-ID: <20230420071003.A6414F36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1187-1
Container Tags : suse/sles12sp5:6.5.459 , suse/sles12sp5:latest
Container Release : 6.5.459
Severity : moderate
Type : security
References : 1209873 1209878 CVE-2023-0465 CVE-2023-0466
-----------------------------------------------------------------

The container suse/sles12sp5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1914-1
Released: Wed Apr 19 14:24:23 2023
Summary: Security update for openssl-1_0_0
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_0_0 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873).
The following package changes have been done:

- libopenssl1_0_0-1.0.2p-3.72.1 updated
- openssl-1_0_0-1.0.2p-3.72.1 updated

From sle-updates at lists.suse.com Thu Apr 20 07:13:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:13:21 +0200 (CEST)
Subject: SUSE-CU-2023:1188-1: Security update of suse/sle15
Message-ID: <20230420071321.0FE53F36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1188-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.757
Container Release : 6.2.757
Severity : moderate
Type : security
References : 1209873 1209878 CVE-2023-0465 CVE-2023-0466
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1908-1
Released: Wed Apr 19 08:38:53 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878).
- CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873).
The following package changes have been done:

- libopenssl1_1-1.1.0i-150100.14.48.1 updated
- openssl-1_1-1.1.0i-150100.14.48.1 updated

From sle-updates at lists.suse.com Thu Apr 20 07:14:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:14:19 +0200 (CEST)
Subject: SUSE-CU-2023:1189-1: Security update of suse/389-ds
Message-ID: <20230420071419.E7EFBF36F@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1189-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.11 , suse/389-ds:latest
Container Release : 21.11
Severity : moderate
Type : security
References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1911-1
Released: Wed Apr 19 13:02:33 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1916-1
Released: Wed Apr 19 16:17:58 2023
Summary: Recommended update for sles-release
Type: recommended
Severity: low
References: 1208529

This update for sles-release fixes the following issue:

- Filter libhogweed4 and libnettle6 so they don't get orphaned on system upgrades.
(bsc#1208529)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.34.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated
- sles-release-15.4-150400.58.7.3 updated
- openssl-1_1-1.1.1l-150400.7.34.1 updated
- container:sles15-image-15.0.0-27.14.53 updated

From sle-updates at lists.suse.com Thu Apr 20 07:14:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Apr 2023 09:14:31 +0200 (CEST)
Subject: SUSE-CU-2023:1190-1: Security update of bci/dotnet-aspnet
Message-ID: <20230420071431.95A22F36F@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1190-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.9 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.9 , bci/dotnet-aspnet:latest
Container Release : 11.9
Severity : moderate
Type : security
References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1911-1
Released: Wed Apr 19 13:02:33 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check was not enabled (bsc#1209873).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:14:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:14:42 +0200 (CEST) Subject: SUSE-CU-2023:1191-1: Recommended update of bci/bci-busybox Message-ID: <20230420071442.AAC0AF36F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1191-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.15.4 , bci/bci-busybox:latest Container Release : 15.4 Severity : low Type : recommended References : 1208529 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - sles-release-15.4-150400.58.7.3 updated From sle-updates at lists.suse.com Thu Apr 20 07:15:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:15:52 +0200 (CEST) Subject: SUSE-CU-2023:1192-1: Security update of bci/dotnet-sdk Message-ID: <20230420071552.BD3E8F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1192-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.9 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.9 Container Release : 33.9 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:16:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:16:07 +0200 (CEST) Subject: SUSE-CU-2023:1193-1: Security update of bci/dotnet-sdk Message-ID: <20230420071607.E7627F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1193-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.9 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.9 , bci/dotnet-sdk:latest Container Release : 11.9 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:17:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:17:06 +0200 (CEST) Subject: SUSE-CU-2023:1194-1: Security update of bci/dotnet-runtime Message-ID: <20230420071706.89B16F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1194-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.9 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.9 Container Release : 30.9 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:17:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:17:17 +0200 (CEST) Subject: SUSE-CU-2023:1195-1: Security update of bci/dotnet-runtime Message-ID: <20230420071717.0C744F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1195-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.9 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.9 , bci/dotnet-runtime:latest Container Release : 11.9 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). 
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:17:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:17:57 +0200 (CEST) Subject: SUSE-CU-2023:1196-1: Security update of bci/golang Message-ID: <20230420071757.247CDF36F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1196-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.34 Container Release : 22.34 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:18:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:18:04 +0200 (CEST) Subject: SUSE-CU-2023:1197-1: Security update of bci/golang Message-ID: <20230420071804.D12D5F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1197-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.33 , bci/golang:latest Container Release : 2.33 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:18:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:18:58 +0200 (CEST) Subject: SUSE-CU-2023:1198-1: Security update of bci/bci-init Message-ID: <20230420071858.99C93F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1198-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.38 , bci/bci-init:latest Container Release : 26.38 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:19:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:19:13 +0200 (CEST) Subject: SUSE-CU-2023:1199-1: Recommended update of bci/bci-micro Message-ID: <20230420071913.6B771F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1199-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.18.5 , bci/bci-micro:latest Container Release : 18.5 Severity : low Type : recommended References : 1208529 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - sles-release-15.4-150400.58.7.3 updated From sle-updates at lists.suse.com Thu Apr 20 07:19:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:19:31 +0200 (CEST) Subject: SUSE-CU-2023:1200-1: Recommended update of bci/bci-minimal Message-ID: <20230420071931.2E713F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1200-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.18.14 , bci/bci-minimal:latest Container Release : 18.14 Severity : low Type : recommended References : 1208529 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - sles-release-15.4-150400.58.7.3 updated - container:micro-image-15.4.0-18.5 updated From sle-updates at lists.suse.com Thu Apr 20 07:20:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:20:14 +0200 (CEST) Subject: SUSE-CU-2023:1201-1: Security update of bci/nodejs Message-ID: <20230420072014.BB0CFF36F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1201-1 Container Tags : bci/node:16 , bci/node:16-15.35 , bci/nodejs:16 , bci/nodejs:16-15.35 Container Release : 15.35 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:20:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:20:26 +0200 (CEST) Subject: SUSE-CU-2023:1202-1: Security update of bci/nodejs Message-ID: <20230420072026.E65C6F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1202-1 Container Tags : bci/node:18 , bci/node:18-3.34 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.34 , bci/nodejs:latest Container Release : 3.34 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 07:21:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:21:40 +0200 (CEST) Subject: SUSE-CU-2023:1203-1: Security update of bci/openjdk-devel Message-ID: <20230420072140.88064F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1203-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.67 Container Release : 39.67 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:bci-openjdk-11-15.4.11-35.34 updated From sle-updates at lists.suse.com Thu Apr 20 07:22:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 09:22:40 +0200 (CEST) Subject: SUSE-CU-2023:1204-1: Security update of bci/openjdk Message-ID: <20230420072240.8E41CF36F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1204-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.34 Container Release : 35.34 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. 
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 08:30:04 -0000 Subject: SUSE-SU-2023:1927-1: moderate: Security update for ImageMagick Message-ID: <168197940456.31185.15922622709013352307@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:1927-1 Rating: moderate References: * #1210308 Cross-References: * CVE-2023-1906 CVSS scores: * CVE-2023-1906 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: * Desktop Applications Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-1906: Fixed a heap-based buffer overflow in ImportMultiSpectralQuantum. (bsc#1210308) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1927=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1927=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1927=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.18.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.18.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.18.1 * perl-PerlMagick-7.1.0.9-150400.6.18.1 * ImageMagick-7.1.0.9-150400.6.18.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.18.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.18.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.18.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.18.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.18.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.18.1 * ImageMagick-extra-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.18.1 * ImageMagick-devel-7.1.0.9-150400.6.18.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.18.1 * libMagick++-devel-7.1.0.9-150400.6.18.1 * openSUSE Leap 15.4 (x86_64) * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.18.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.18.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.18.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.18.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.18.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.18.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.18.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.18.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.18.1 * 
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.18.1 * ImageMagick-7.1.0.9-150400.6.18.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.18.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.18.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.18.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.18.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.18.1 * ImageMagick-devel-7.1.0.9-150400.6.18.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.18.1 * libMagick++-devel-7.1.0.9-150400.6.18.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.18.1 * perl-PerlMagick-7.1.0.9-150400.6.18.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.18.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.18.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1906.html * https://bugzilla.suse.com/show_bug.cgi?id=1210308 From sle-updates at lists.suse.com Thu Apr 20 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 08:30:06 -0000 Subject: SUSE-SU-2023:1926-1: moderate: Security update for openssl1 Message-ID: <168197940633.31185.15341507088389751240@smelt2.suse.de> # Security update for openssl1 Announcement ID: SUSE-SU-2023:1926-1 Rating: moderate References: * #1209873 * #1209878 Cross-References: * CVE-2023-0465 * CVE-2023-0466 CVSS scores: * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-0466 ( SUSE ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2023-0466 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves two vulnerabilities can now be installed.
## Description: This update for openssl1 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). * CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1926=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1926=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.62.1 * libopenssl1-devel-1.0.1g-0.58.62.1 * openssl1-1.0.1g-0.58.62.1 * openssl1-doc-1.0.1g-0.58.62.1 * libopenssl1_0_0-1.0.1g-0.58.62.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.62.1 * libopenssl1-devel-1.0.1g-0.58.62.1 * openssl1-1.0.1g-0.58.62.1 * openssl1-doc-1.0.1g-0.58.62.1 * libopenssl1_0_0-1.0.1g-0.58.62.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0465.html * https://www.suse.com/security/cve/CVE-2023-0466.html * https://bugzilla.suse.com/show_bug.cgi?id=1209873 * https://bugzilla.suse.com/show_bug.cgi?id=1209878 -------------- next part -------------- An HTML attachment was scrubbed... 
From sle-updates at lists.suse.com Thu Apr 20 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 08:30:08 -0000 Subject: SUSE-RU-2023:1925-1: moderate: Recommended update for rpmlint Message-ID: <168197940800.31185.1532257732801574338@smelt2.suse.de> # Recommended update for rpmlint Announcement ID: SUSE-RU-2023:1925-1 Rating: moderate References: * #1206414 * #1209378 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for rpmlint fixes the following issues: * kinfocenter5 whitelisting for D-Bus (bsc#1209378) * usbguard whitelisting for D-Bus (bsc#1206414) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1925=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1925=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1925=1 ## Package List: * openSUSE Leap 15.4 (noarch) * rpmlint-1.10-150000.7.67.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-1.10-150400.23.10.2 * Development Tools Module 15-SP4 (noarch) * rpmlint-1.10-150000.7.67.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rpmlint-mini-debugsource-1.10-150400.23.10.2 * rpmlint-mini-1.10-150400.23.10.2 * rpmlint-mini-debuginfo-1.10-150400.23.10.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * rpmlint-1.10-150000.7.67.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206414 * https://bugzilla.suse.com/show_bug.cgi?id=1209378
From sle-updates at lists.suse.com Thu Apr 20 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 08:30:09 -0000 Subject: SUSE-SU-2023:1924-1: important: Security update for nodejs16 Message-ID: <168197940940.31185.1677526827576756801@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:1924-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: * CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744). Other changes: * update undici to 5.20.0 * update c-ares to 1.19.0 * update npm to 8.19.4 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1924=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-1924=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs16-devel-16.20.0-150400.3.18.2 * nodejs16-debuginfo-16.20.0-150400.3.18.2 * corepack16-16.20.0-150400.3.18.2 * nodejs16-16.20.0-150400.3.18.2 * nodejs16-debugsource-16.20.0-150400.3.18.2 * npm16-16.20.0-150400.3.18.2 * openSUSE Leap 15.4 (noarch) * nodejs16-docs-16.20.0-150400.3.18.2 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs16-devel-16.20.0-150400.3.18.2 * nodejs16-debuginfo-16.20.0-150400.3.18.2 * nodejs16-16.20.0-150400.3.18.2 * nodejs16-debugsource-16.20.0-150400.3.18.2 * npm16-16.20.0-150400.3.18.2 * Web and Scripting Module 15-SP4 (noarch) * nodejs16-docs-16.20.0-150400.3.18.2 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744
From sle-updates at lists.suse.com Thu Apr 20 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 08:30:10 -0000 Subject: SUSE-SU-2023:1923-1: important: Security update for nodejs16 Message-ID: <168197941092.31185.7060002516778526732@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:1923-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: * CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744). Other changes: * update undici to 5.20.0 * update c-ares to 1.19.0 * update npm to 8.19.4 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1923=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1923=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1923=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1923=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1923=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1923=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * npm16-16.20.0-150300.7.21.2 * nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * npm16-16.20.0-150300.7.21.2 * nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * npm16-16.20.0-150300.7.21.2 * nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * npm16-16.20.0-150300.7.21.2 * 
nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * npm16-16.20.0-150300.7.21.2 * nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * npm16-16.20.0-150300.7.21.2 * nodejs16-16.20.0-150300.7.21.2 * nodejs16-debuginfo-16.20.0-150300.7.21.2 * nodejs16-devel-16.20.0-150300.7.21.2 * nodejs16-debugsource-16.20.0-150300.7.21.2 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.0-150300.7.21.2 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 From sle-updates at lists.suse.com Thu Apr 20 08:59:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 10:59:16 +0200 (CEST) Subject: SUSE-CU-2023:1204-1: Security update of bci/openjdk Message-ID: <20230420085916.91D59F36F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1204-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.34 Container Release : 35.34 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/openjdk was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 08:59:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 10:59:45 +0200 (CEST) Subject: SUSE-CU-2023:1205-1: Security update of bci/openjdk-devel Message-ID: <20230420085945.F021BF36F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1205-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.66 , bci/openjdk-devel:latest Container Release : 14.66 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/openjdk-devel was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:bci-openjdk-17-15.4.17-13.35 updated From sle-updates at lists.suse.com Thu Apr 20 09:00:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:00:07 +0200 (CEST) Subject: SUSE-CU-2023:1206-1: Security update of bci/openjdk Message-ID: <20230420090007.1B066F7E7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1206-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.35 , bci/openjdk:latest Container Release : 13.35 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:01:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:01:12 +0200 (CEST) Subject: SUSE-CU-2023:1207-1: Security update of suse/pcp Message-ID: <20230420090112.5D0F8F79F@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1207-1 Container Tags : suse/pcp:5 , suse/pcp:5-14.15 , suse/pcp:5.2 , suse/pcp:5.2-14.15 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.15 , suse/pcp:latest Container Release : 14.15 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The 
container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:bci-bci-init-15.4-15.4-26.37 updated From sle-updates at lists.suse.com Thu Apr 20 09:01:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:01:19 +0200 (CEST) Subject: SUSE-CU-2023:1208-1: Security update of bci/php-apache Message-ID: <20230420090119.6D989F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1208-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.33 Container Release : 2.33 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:01:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:01:26 +0200 (CEST) Subject: SUSE-CU-2023:1209-1: Security update of bci/php-fpm Message-ID: <20230420090126.2624AF79F@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1209-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.32 Container Release : 2.32 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:01:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:01:33 +0200 (CEST) Subject: SUSE-CU-2023:1210-1: Security update of bci/php Message-ID: <20230420090133.BEBF3F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1210-1 Container Tags : bci/php:8 , bci/php:8-2.32 Container Release : 2.32 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:02:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:02:22 +0200 (CEST) Subject: SUSE-CU-2023:1212-1: Security update of bci/python Message-ID: <20230420090222.39297F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1212-1 Container Tags : bci/python:3 , bci/python:3-12.31 , bci/python:3.10 , bci/python:3.10-12.31 , bci/python:latest Container Release : 12.31 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:03:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:03:13 +0200 (CEST) Subject: SUSE-CU-2023:1213-1: Security update of bci/python Message-ID: <20230420090313.BD14FF79F@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1213-1 Container Tags : bci/python:3 , bci/python:3-35.31 , bci/python:3.6 , bci/python:3.6-35.31 Container Release : 35.31 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:04:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:04:01 +0200 (CEST) Subject: SUSE-CU-2023:1214-1: Security update of bci/ruby Message-ID: <20230420090401.3B602F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1214-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.30 , bci/ruby:2.5 , bci/ruby:2.5-34.30 , bci/ruby:latest Container Release : 34.30 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:04:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:04:11 +0200 (CEST) Subject: SUSE-CU-2023:1215-1: Security update of bci/rust Message-ID: <20230420090411.DEB10F79F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1215-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-4.8 Container Release : 4.8 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:04:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:04:13 +0200 (CEST) Subject: SUSE-CU-2023:1216-1: Security update of bci/rust Message-ID: <20230420090413.EEE2FF79F@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1216-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-2.8 , bci/rust:latest Container Release : 2.8 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Thu Apr 20 09:04:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 11:04:52 +0200 (CEST) Subject: SUSE-CU-2023:1217-1: Security update of suse/sle15 Message-ID: <20230420090452.05D1DF79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1217-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.53 , suse/sle15:15.4 , suse/sle15:15.4.27.14.53 Container Release : 27.14.53 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they don't get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated From sle-updates at lists.suse.com Thu Apr 20 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 12:30:01 -0000 Subject: SUSE-SU-2023:1930-1: moderate: Security update for dnsmasq Message-ID: <168199380170.26526.3618655002597039193@smelt2.suse.de> # Security update for dnsmasq Announcement ID: SUSE-SU-2023:1930-1 Rating: moderate References: * #1209358 Cross-References: * CVE-2023-28450 CVSS scores: * CVE-2023-28450 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28450 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be
installed. ## Description: This update for dnsmasq fixes the following issues: * CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1930=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1930=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1930=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1930=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * dnsmasq-debuginfo-2.86-150100.7.23.1 * dnsmasq-2.86-150100.7.23.1 * dnsmasq-debugsource-2.86-150100.7.23.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * dnsmasq-debuginfo-2.86-150100.7.23.1 * dnsmasq-2.86-150100.7.23.1 * dnsmasq-debugsource-2.86-150100.7.23.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * dnsmasq-debuginfo-2.86-150100.7.23.1 * dnsmasq-2.86-150100.7.23.1 * dnsmasq-debugsource-2.86-150100.7.23.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * dnsmasq-debuginfo-2.86-150100.7.23.1 * dnsmasq-2.86-150100.7.23.1 * dnsmasq-debugsource-2.86-150100.7.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28450.html * https://bugzilla.suse.com/show_bug.cgi?id=1209358
From sle-updates at lists.suse.com Thu Apr 20 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 12:30:03 -0000 Subject: SUSE-SU-2023:1928-1: important: Security update for python-Flask Message-ID: <168199380373.26526.1697582299158575027@smelt2.suse.de> # Security update for python-Flask Announcement ID: SUSE-SU-2023:1928-1 Rating: important References: * #1141968 Cross-References: * CVE-2019-1010083 CVSS scores: * CVE-2019-1010083 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2019-1010083 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2019-1010083 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-Flask fixes the following issues: * CVE-2019-1010083: Fixed DoS via crafted encoded JSON data (bsc#1141968). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-1928=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-Flask-0.12.1-7.7.1 * python-Flask-0.12.1-7.7.1 ## References: * https://www.suse.com/security/cve/CVE-2019-1010083.html * https://bugzilla.suse.com/show_bug.cgi?id=1141968 From sle-updates at lists.suse.com Thu Apr 20 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Apr 2023 16:30:02 -0000 Subject: SUSE-SU-2023:1931-1: important: Security update for wireshark Message-ID: <168200820291.17690.8359620182457012152@smelt2.suse.de> # Security update for wireshark Announcement ID: SUSE-SU-2023:1931-1 Rating: important References: * #1210403 * #1210404 * #1210405 Cross-References: * CVE-2023-1992 * CVE-2023-1993 * CVE-2023-1994 CVSS scores: * CVE-2023-1992 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1992 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1993 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-1993 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1994 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1994 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High
Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for wireshark fixes the following issues: * CVE-2023-1992: Fixed RPCoRDMA dissector crash (bsc#1210405). * CVE-2023-1993: Fixed LISP dissector large loop (bsc#1210404). * CVE-2023-1994: Fixed GQUIC dissector crash (bsc#1210403). Update to 3.6.13: * Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.13.html ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1931=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1931=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1931=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1931=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1931=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1931=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1931=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1931=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1931=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1931=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1931=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1931=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1931=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1931=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1931=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1931=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1931=1 *
SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1931=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1931=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * wireshark-ui-qt-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * 
libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux 
Enterprise Real Time 15 SP3 (x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * 
wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * 
wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Manager Proxy 4.2 (x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * 
wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 * SUSE CaaS Platform 4.0 (x86_64) * libwiretap12-debuginfo-3.6.13-150000.3.89.1 * libwsutil13-debuginfo-3.6.13-150000.3.89.1 * wireshark-devel-3.6.13-150000.3.89.1 * wireshark-ui-qt-3.6.13-150000.3.89.1 * libwsutil13-3.6.13-150000.3.89.1 * wireshark-debuginfo-3.6.13-150000.3.89.1 * libwireshark15-debuginfo-3.6.13-150000.3.89.1 * wireshark-debugsource-3.6.13-150000.3.89.1 * libwiretap12-3.6.13-150000.3.89.1 * wireshark-3.6.13-150000.3.89.1 * libwireshark15-3.6.13-150000.3.89.1 * wireshark-ui-qt-debuginfo-3.6.13-150000.3.89.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1992.html * https://www.suse.com/security/cve/CVE-2023-1993.html * https://www.suse.com/security/cve/CVE-2023-1994.html * https://bugzilla.suse.com/show_bug.cgi?id=1210403 * https://bugzilla.suse.com/show_bug.cgi?id=1210404 * https://bugzilla.suse.com/show_bug.cgi?id=1210405
From sle-updates at lists.suse.com Fri Apr 21 07:04:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 09:04:27 +0200 (CEST) Subject: SUSE-CU-2023:1220-1: Security update of suse/registry Message-ID: <20230421070427.E19C3F457@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1220-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-8.1 , suse/registry:latest Container Release : 8.1 Severity : moderate Type : security References : 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - container:micro-image-15.4.0-18.5 updated From sle-updates at lists.suse.com Fri Apr 21 07:06:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 09:06:24 +0200 (CEST) Subject: SUSE-CU-2023:1223-1: Security update of bci/nodejs Message-ID: <20230421070624.C89BAF457@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1223-1 Container Tags : bci/node:16 , bci/node:16-15.36 , bci/nodejs:16 , bci/nodejs:16-15.36 Container Release : 15.36 Severity : important Type : security References : 1208744 CVE-2022-25881 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1924-1 Released: Thu Apr 20 08:58:59 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1208744,CVE-2022-25881 This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744). 
Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4 The following package changes have been done: - nodejs16-16.20.0-150400.3.18.2 updated - npm16-16.20.0-150400.3.18.2 updated From sle-updates at lists.suse.com Fri Apr 21 07:08:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 09:08:48 +0200 (CEST) Subject: SUSE-CU-2023:1227-1: Security update of suse/postgres Message-ID: <20230421070848.C95A9F457@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1227-1 Container Tags : suse/postgres:14 , suse/postgres:14-20.10 , suse/postgres:14.7 , suse/postgres:14.7-20.10 Container Release : 20.10 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they don't get orphaned on system upgrades.
(bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Fri Apr 21 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 12:30:04 -0000 Subject: SUSE-SU-2023:1944-1: moderate: Security update for libmicrohttpd Message-ID: <168208020469.31108.4710238717146100725@smelt2.suse.de> # Security update for libmicrohttpd Announcement ID: SUSE-SU-2023:1944-1 Rating: moderate References: * #1208745 Cross-References: * CVE-2023-27371 CVSS scores: * CVE-2023-27371 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-27371 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libmicrohttpd fixes the following issues: * CVE-2023-27371: Fixed parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1944=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1944=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1944=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1944=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libmicrohttpd-debugsource-0.9.30-6.3.1 * libmicrohttpd-devel-0.9.30-6.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libmicrohttpd-debugsource-0.9.30-6.3.1 * libmicrohttpd10-debuginfo-0.9.30-6.3.1 * libmicrohttpd10-0.9.30-6.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libmicrohttpd-debugsource-0.9.30-6.3.1 * libmicrohttpd10-debuginfo-0.9.30-6.3.1 * libmicrohttpd10-0.9.30-6.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libmicrohttpd-debugsource-0.9.30-6.3.1 * libmicrohttpd10-debuginfo-0.9.30-6.3.1 * libmicrohttpd10-0.9.30-6.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27371.html * https://bugzilla.suse.com/show_bug.cgi?id=1208745
From sle-updates at lists.suse.com Fri Apr 21 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 12:30:06 -0000 Subject: SUSE-SU-2023:1942-1: important: Security update for nodejs16 Message-ID: <168208020678.31108.17338504871793232023@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:1942-1 Rating: important References: * #1208744 Cross-References: * CVE-2022-25881 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves one vulnerability can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: * CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744). Other changes: * update undici to 5.20.0 * update c-ares to 1.19.0 * update npm to 8.19.4 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-1942=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.0-8.27.1 * nodejs16-devel-16.20.0-8.27.1 * nodejs16-debuginfo-16.20.0-8.27.1 * npm16-16.20.0-8.27.1 * nodejs16-16.20.0-8.27.1 * Web and Scripting Module 12 (noarch) * nodejs16-docs-16.20.0-8.27.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 From sle-updates at lists.suse.com Fri Apr 21 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Apr 2023 12:30:08 -0000 Subject: SUSE-SU-2023:1941-1: important: Security update for ovmf Message-ID: <168208020872.31108.9513256653902482806@smelt2.suse.de> # Security update for ovmf Announcement ID: SUSE-SU-2023:1941-1 Rating: important References: * #1174246 * #1196741 Cross-References: * CVE-2019-14560 * CVE-2021-38578 CVSS scores: * CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L * CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed.
## Description:

This update for ovmf fixes the following issues:

* CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
* CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
    zypper in -t patch SUSE-OpenStack-Cloud-9-2023-1941=1
* SUSE OpenStack Cloud Crowbar 9
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-1941=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-1941=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-1941=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-1941=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1941=1
* SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1941=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1941=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE OpenStack Cloud 9 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE OpenStack Cloud Crowbar 9 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.41.2
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.41.2
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.41.2
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.41.2
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-3.41.2
  * ovmf-2017+git1510945757.b2662641d5-3.41.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.41.2

## References:

* https://www.suse.com/security/cve/CVE-2019-14560.html
* https://www.suse.com/security/cve/CVE-2021-38578.html
* https://bugzilla.suse.com/show_bug.cgi?id=1174246
* https://bugzilla.suse.com/show_bug.cgi?id=1196741

From sle-updates at lists.suse.com Fri Apr 21 12:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 12:30:10 -0000
Subject: SUSE-SU-2023:1940-1: important: Security update for ovmf
Message-ID: <168208021068.31108.16601016862716674756@smelt2.suse.de>

# Security update for ovmf

Announcement ID: SUSE-SU-2023:1940-1
Rating: important
References:

* #1174246
* #1196741

Cross-References:

* CVE-2019-14560
* CVE-2021-38578

CVSS scores:

* CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L
* CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
* CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for ovmf fixes the following issues:

* CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
* CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1940=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1940=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1940=1
* SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-150000.5.46.1
  * ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-150000.5.46.1
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-150000.5.46.1
  * ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-150000.5.46.1
  * qemu-uefi-aarch64-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-150000.5.46.1
  * ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE CaaS Platform 4.0 (x86_64)
  * ovmf-tools-2017+git1510945757.b2662641d5-150000.5.46.1
  * ovmf-2017+git1510945757.b2662641d5-150000.5.46.1
* SUSE CaaS Platform 4.0 (noarch)
  * qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-150000.5.46.1

## References:

* https://www.suse.com/security/cve/CVE-2019-14560.html
* https://www.suse.com/security/cve/CVE-2021-38578.html
* https://bugzilla.suse.com/show_bug.cgi?id=1174246
* https://bugzilla.suse.com/show_bug.cgi?id=1196741

From sle-updates at lists.suse.com Fri Apr 21 12:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 12:30:13 -0000
Subject: SUSE-RU-2023:1939-1: moderate: Recommended update for mozilla-nss
Message-ID: <168208021310.31108.17397755424917499040@smelt2.suse.de>

# Recommended update for mozilla-nss

Announcement ID: SUSE-RU-2023:1939-1
Rating: moderate
References:

* #1191546
* #1207209
* #1208242
* #1208999

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has four recommended fixes can now be installed.

## Description:

This update for mozilla-nss fixes the following issues:

* FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999)
* FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546)
* FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209)
* Add manpages to mozilla-nss-tools (bsc#1208242)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1939=1
* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1939=1
* SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1939=1
* SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1939=1
* SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1939=1
* SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1939=1
* Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1939=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * mozilla-nss-devel-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* openSUSE Leap 15.4 (x86_64)
  * libfreebl3-32bit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-32bit-3.79.4-150400.3.29.1
  * libsoftokn3-hmac-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-certs-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-32bit-3.79.4-150400.3.29.1
  * libfreebl3-32bit-3.79.4-150400.3.29.1
  * libsoftokn3-32bit-3.79.4-150400.3.29.1
  * libfreebl3-hmac-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-32bit-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-32bit-debuginfo-3.79.4-150400.3.29.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * libsoftokn3-hmac-3.79.4-150400.3.29.1
  * libfreebl3-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-3.79.4-150400.3.29.1
  * mozilla-nss-3.79.4-150400.3.29.1
  * libsoftokn3-debuginfo-3.79.4-150400.3.29.1
  * libfreebl3-hmac-3.79.4-150400.3.29.1
  * mozilla-nss-devel-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-3.79.4-150400.3.29.1
  * libfreebl3-3.79.4-150400.3.29.1
  * mozilla-nss-tools-3.79.4-150400.3.29.1
  * mozilla-nss-tools-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debugsource-3.79.4-150400.3.29.1
  * mozilla-nss-certs-3.79.4-150400.3.29.1
  * mozilla-nss-sysinit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-debuginfo-3.79.4-150400.3.29.1
* Basesystem Module 15-SP4 (x86_64)
  * libfreebl3-32bit-debuginfo-3.79.4-150400.3.29.1
  * mozilla-nss-certs-32bit-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-hmac-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-certs-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-32bit-3.79.4-150400.3.29.1
  * libfreebl3-32bit-3.79.4-150400.3.29.1
  * libsoftokn3-32bit-3.79.4-150400.3.29.1
  * libfreebl3-hmac-32bit-3.79.4-150400.3.29.1
  * mozilla-nss-32bit-debuginfo-3.79.4-150400.3.29.1
  * libsoftokn3-32bit-debuginfo-3.79.4-150400.3.29.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1191546
* https://bugzilla.suse.com/show_bug.cgi?id=1207209
* https://bugzilla.suse.com/show_bug.cgi?id=1208242
* https://bugzilla.suse.com/show_bug.cgi?id=1208999

From sle-updates at lists.suse.com Fri Apr 21 16:30:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 16:30:02 -0000
Subject: SUSE-SU-2023:1949-1: important: Security update for openstack-cinder, openstack-nova, python-oslo.utils
Message-ID: <168209460240.8692.6521333917596122802@smelt2.suse.de>

# Security update for openstack-cinder, openstack-nova, python-oslo.utils

Announcement ID: SUSE-SU-2023:1949-1
Rating: important
References:

* #1207321

Cross-References:

* CVE-2022-47951

CVSS scores:

* CVE-2022-47951 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-47951 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* HPE Helion OpenStack 8
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise Server 12 SP3
* SUSE OpenStack Cloud 8
* SUSE OpenStack Cloud Crowbar 8

An update that solves one vulnerability can now be installed.
## Description:

This update for openstack-cinder, openstack-nova, python-oslo.utils contains the following fixes:

Security fixes included on this update:

openstack-cinder, openstack-nova:

* CVE-2022-47951: Fixed file access control through custom VMDK flat descriptor. (bsc#1207321)

Non-security changes included on this update:

Changes in openstack-cinder:

- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)

Changes in openstack-nova:

- Fixed file access control through custom VMDK flat descriptor. (bsc#1207321, CVE-2022-47951)

Changes in python-oslo.utils:

- Report format specific details when using JSON output format. (bsc#1207321)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* HPE Helion OpenStack 8
    zypper in -t patch HPE-Helion-OpenStack-8-2023-1949=1
* SUSE OpenStack Cloud 8
    zypper in -t patch SUSE-OpenStack-Cloud-8-2023-1949=1
* SUSE OpenStack Cloud Crowbar 8
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-1949=1

## Package List:

* HPE Helion OpenStack 8 (noarch)
  * python-cinder-11.2.3~dev29-3.31.2
  * openstack-nova-conductor-16.1.9~dev92-3.51.2
  * openstack-nova-16.1.9~dev92-3.51.2
  * openstack-cinder-api-11.2.3~dev29-3.31.2
  * openstack-cinder-doc-11.2.3~dev29-3.31.1
  * venv-openstack-murano-x86_64-4.0.2~dev3-12.40.1
  * venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.50.1
  * venv-openstack-designate-x86_64-5.0.3~dev7-12.41.1
  * venv-openstack-aodh-x86_64-5.1.1~dev7-12.42.1
  * openstack-cinder-scheduler-11.2.3~dev29-3.31.2
  * venv-openstack-ironic-x86_64-9.1.8~dev8-12.43.1
  * openstack-nova-api-16.1.9~dev92-3.51.2
  * openstack-nova-consoleauth-16.1.9~dev92-3.51.2
  * venv-openstack-heat-x86_64-9.0.8~dev22-12.47.1
  * venv-openstack-octavia-x86_64-1.0.6~dev3-12.43.1
  * venv-openstack-sahara-x86_64-7.0.5~dev4-11.42.1
  * openstack-nova-novncproxy-16.1.9~dev92-3.51.2
  * openstack-nova-serialproxy-16.1.9~dev92-3.51.2
  * openstack-nova-placement-api-16.1.9~dev92-3.51.2
  * venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.33.1
  * venv-openstack-monasca-x86_64-2.2.2~dev1-11.47.1
  * venv-openstack-trove-x86_64-8.0.2~dev2-11.42.1
  * venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.38.1
  * python-nova-16.1.9~dev92-3.51.2
  * python-oslo.utils-3.28.4-3.9.1
  * venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.40.1
  * openstack-nova-cells-16.1.9~dev92-3.51.2
  * venv-openstack-manila-x86_64-5.1.1~dev5-12.47.1
  * venv-openstack-glance-x86_64-15.0.3~dev3-12.41.1
  * openstack-nova-scheduler-16.1.9~dev92-3.51.2
  * openstack-cinder-volume-11.2.3~dev29-3.31.2
  * venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.38.1
  * openstack-nova-vncproxy-16.1.9~dev92-3.51.2
  * venv-openstack-keystone-x86_64-12.0.4~dev11-11.47.1
  * openstack-nova-compute-16.1.9~dev92-3.51.2
  * openstack-cinder-backup-11.2.3~dev29-3.31.2
  * openstack-nova-doc-16.1.9~dev92-3.51.1
  * venv-openstack-barbican-x86_64-5.0.2~dev3-12.45.1
  * venv-openstack-cinder-x86_64-11.2.3~dev29-14.44.1
  * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.42.1
  * openstack-nova-console-16.1.9~dev92-3.51.2
  * venv-openstack-nova-x86_64-16.1.9~dev92-11.46.1
  * venv-openstack-neutron-x86_64-11.0.9~dev69-13.48.1
  * openstack-cinder-11.2.3~dev29-3.31.2
* SUSE OpenStack Cloud 8 (noarch)
  * python-cinder-11.2.3~dev29-3.31.2
  * openstack-nova-conductor-16.1.9~dev92-3.51.2
  * openstack-nova-16.1.9~dev92-3.51.2
  * openstack-cinder-api-11.2.3~dev29-3.31.2
  * openstack-cinder-doc-11.2.3~dev29-3.31.1
  * venv-openstack-murano-x86_64-4.0.2~dev3-12.40.1
  * venv-openstack-designate-x86_64-5.0.3~dev7-12.41.1
  * venv-openstack-aodh-x86_64-5.1.1~dev7-12.42.1
  * openstack-cinder-scheduler-11.2.3~dev29-3.31.2
  * venv-openstack-ironic-x86_64-9.1.8~dev8-12.43.1
  * openstack-nova-api-16.1.9~dev92-3.51.2
  * openstack-nova-consoleauth-16.1.9~dev92-3.51.2
  * venv-openstack-heat-x86_64-9.0.8~dev22-12.47.1
  * venv-openstack-octavia-x86_64-1.0.6~dev3-12.43.1
  * venv-openstack-sahara-x86_64-7.0.5~dev4-11.42.1
  * openstack-nova-novncproxy-16.1.9~dev92-3.51.2
  * openstack-nova-serialproxy-16.1.9~dev92-3.51.2
  * openstack-nova-placement-api-16.1.9~dev92-3.51.2
  * venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.33.1
  * venv-openstack-monasca-x86_64-2.2.2~dev1-11.47.1
  * venv-openstack-trove-x86_64-8.0.2~dev2-11.42.1
  * venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.38.1
  * python-nova-16.1.9~dev92-3.51.2
  * python-oslo.utils-3.28.4-3.9.1
  * venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.40.1
  * openstack-nova-cells-16.1.9~dev92-3.51.2
  * venv-openstack-manila-x86_64-5.1.1~dev5-12.47.1
  * venv-openstack-glance-x86_64-15.0.3~dev3-12.41.1
  * openstack-nova-scheduler-16.1.9~dev92-3.51.2
  * openstack-cinder-volume-11.2.3~dev29-3.31.2
  * venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.38.1
  * openstack-nova-vncproxy-16.1.9~dev92-3.51.2
  * venv-openstack-keystone-x86_64-12.0.4~dev11-11.47.1
  * openstack-nova-compute-16.1.9~dev92-3.51.2
  * openstack-cinder-backup-11.2.3~dev29-3.31.2
  * openstack-nova-doc-16.1.9~dev92-3.51.1
  * venv-openstack-barbican-x86_64-5.0.2~dev3-12.45.1
  * venv-openstack-cinder-x86_64-11.2.3~dev29-14.44.1
  * venv-openstack-horizon-x86_64-12.0.5~dev6-14.50.2
  * openstack-nova-console-16.1.9~dev92-3.51.2
  * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.42.1
  * venv-openstack-nova-x86_64-16.1.9~dev92-11.46.1
  * venv-openstack-neutron-x86_64-11.0.9~dev69-13.48.1
  * openstack-cinder-11.2.3~dev29-3.31.2
* SUSE OpenStack Cloud Crowbar 8 (noarch)
  * python-cinder-11.2.3~dev29-3.31.2
  * openstack-nova-conductor-16.1.9~dev92-3.51.2
  * openstack-nova-16.1.9~dev92-3.51.2
  * openstack-cinder-api-11.2.3~dev29-3.31.2
  * openstack-cinder-doc-11.2.3~dev29-3.31.1
  * openstack-cinder-scheduler-11.2.3~dev29-3.31.2
  * openstack-nova-api-16.1.9~dev92-3.51.2
  * openstack-nova-consoleauth-16.1.9~dev92-3.51.2
  * openstack-nova-novncproxy-16.1.9~dev92-3.51.2
  * openstack-nova-serialproxy-16.1.9~dev92-3.51.2
  * openstack-nova-placement-api-16.1.9~dev92-3.51.2
  * python-nova-16.1.9~dev92-3.51.2
  * python-oslo.utils-3.28.4-3.9.1
  * openstack-nova-cells-16.1.9~dev92-3.51.2
  * openstack-nova-scheduler-16.1.9~dev92-3.51.2
  * openstack-cinder-volume-11.2.3~dev29-3.31.2
  * openstack-nova-vncproxy-16.1.9~dev92-3.51.2
  * openstack-nova-compute-16.1.9~dev92-3.51.2
  * openstack-cinder-backup-11.2.3~dev29-3.31.2
  * openstack-nova-doc-16.1.9~dev92-3.51.1
  * openstack-nova-console-16.1.9~dev92-3.51.2
  * openstack-cinder-11.2.3~dev29-3.31.2

## References:

* https://www.suse.com/security/cve/CVE-2022-47951.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207321

From sle-updates at lists.suse.com Fri Apr 21 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 16:30:05 -0000
Subject: SUSE-SU-2023:1948-1: moderate: Security update for jettison
Message-ID: <168209460555.8692.16109901373354752646@smelt2.suse.de>

# Security update for jettison

Announcement ID: SUSE-SU-2023:1948-1
Rating: moderate
References:

* #1209605

Cross-References:

* CVE-2023-1436

CVSS scores:

* CVE-2023-1436 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1436 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for jettison fixes the following issues:

Upgrade to version 1.5.4:

* CVE-2023-1436: Fixed infinite recursion triggered when constructing a JSONArray from a Collection (bsc#1209605).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1948=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * jettison-javadoc-1.5.4-150200.3.7.1
  * jettison-1.5.4-150200.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1436.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209605

From sle-updates at lists.suse.com Fri Apr 21 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 16:30:07 -0000
Subject: SUSE-SU-2023:1947-1: moderate: Security update for dmidecode
Message-ID: <168209460740.8692.10634721641811698791@smelt2.suse.de>

# Security update for dmidecode

Announcement ID: SUSE-SU-2023:1947-1
Rating: moderate
References:

* #1210418

Cross-References:

* CVE-2023-30630

CVSS scores:

* CVE-2023-30630 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-30630 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for dmidecode fixes the following issues:

* CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1947=1
* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1947=1
* SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1947=1
* SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-1947=1
* SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1947=1
* SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1947=1
* Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1947=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* openSUSE Leap 15.4 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1
* Basesystem Module 15-SP4 (aarch64 x86_64)
  * dmidecode-debuginfo-3.4-150400.16.8.1
  * dmidecode-debugsource-3.4-150400.16.8.1
  * dmidecode-3.4-150400.16.8.1

## References:

* https://www.suse.com/security/cve/CVE-2023-30630.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210418

From sle-updates at lists.suse.com Fri Apr 21 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 16:30:09 -0000
Subject: SUSE-RU-2023:1946-1: important: Recommended update for nvme-stas
Message-ID: <168209460972.8692.10504845361512247675@smelt2.suse.de>

# Recommended update for nvme-stas

Announcement ID: SUSE-RU-2023:1946-1
Rating: important
References:

* #1207436

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one recommended fix can now be installed.

## Description:

This update for nvme-stas fixes the following issue:

* Update to version 1.1.9
* Add _nvme-disc._udp to the list of mDNS service types
* Fix RoCe and iwarp support (bsc#1207436)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1946=1
* Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1946=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nvme-stas-1.1.9-150400.3.9.3
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * nvme-stas-1.1.9-150400.3.9.3

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1207436

From sle-updates at lists.suse.com Fri Apr 21 16:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 21 Apr 2023 16:30:11 -0000
Subject: SUSE-RU-2023:1945-1: moderate: Recommended update for elfutils
Message-ID: <168209461179.8692.8217165805010464846@smelt2.suse.de>

# Recommended update for elfutils

Announcement ID: SUSE-RU-2023:1945-1
Rating: moderate
References:

* #1203599

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that has one recommended fix can now be installed.

## Description:

This update for elfutils fixes the following issues:

* go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1945=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1945=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1945=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1945=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1945=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1945=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1945=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1945=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1945=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1945=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1945=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1945=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * elfutils-debugsource-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-32bit-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * elfutils-debuginfo-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Manager Proxy 4.2 (x86_64)
  * elfutils-debugsource-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-32bit-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * elfutils-debuginfo-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Manager Proxy 4.2 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * elfutils-debugsource-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-32bit-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * elfutils-debuginfo-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Manager Retail Branch Server 4.2 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Manager Server 4.2 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Manager Server 4.2 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libdw-devel-0.177-150300.11.6.1
  * libasm-devel-0.177-150300.11.6.1
  * libelf-devel-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
  * libebl-devel-0.177-150300.11.6.1
* SUSE Enterprise Storage 7.1 (noarch)
  * elfutils-lang-0.177-150300.11.6.1
* SUSE Enterprise Storage 7.1 (x86_64)
  * libelf1-32bit-0.177-150300.11.6.1
  * libebl-plugins-32bit-0.177-150300.11.6.1
  * libelf1-32bit-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-debuginfo-0.177-150300.11.6.1
  * libdw1-32bit-0.177-150300.11.6.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * elfutils-debuginfo-0.177-150300.11.6.1
  * elfutils-debugsource-0.177-150300.11.6.1
  * libdw1-debuginfo-0.177-150300.11.6.1
  * libdw1-0.177-150300.11.6.1
  * elfutils-0.177-150300.11.6.1
  * libelf1-0.177-150300.11.6.1
  * libasm1-0.177-150300.11.6.1
  * libebl-plugins-0.177-150300.11.6.1
  * libelf1-debuginfo-0.177-150300.11.6.1
  * libasm1-debuginfo-0.177-150300.11.6.1
  * libebl-plugins-debuginfo-0.177-150300.11.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1203599

From sle-updates at lists.suse.com Sat Apr 22 07:02:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Apr 2023 09:02:26 +0200 (CEST)
Subject: SUSE-CU-2023:1229-1: Security update of rancher/elemental-builder-image/5.3
Message-ID: <20230422070226.43F3BF457@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-builder-image/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1229-1
Container Tags        : rancher/elemental-builder-image/5.3:0.2.5 , rancher/elemental-builder-image/5.3:0.2.5-4.2.2 , rancher/elemental-builder-image/5.3:latest
Container Release     : 4.2.2
Severity              : important
Type                  : security
References            : 1121365 1177460 1177460 1180995 1190651 1190651 1190651 1190653
                        1190888 1193859 1194038 1194047 1198165 1198471 1198472 1199467
                        1201293 1201959 1202148 1202148 1202324 1202870 1203046 1203069
                        1203537 1203652 1203652 1203911 1204211 1204366 1204367 1204383
                        1204386 1204585 1204649 1205126 1205156 1205502 1205646 1206308
                        1206309 1207182 1207533 1207534 1207536 1207538 1207789 1207990
                        1207991 1207992 1207994 1208079 1208432 1208924 1208925 1208926
                        1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624
                        1209873 1209878 CVE-2022-32221 CVE-2022-40303 CVE-2022-40304
                        CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551
                        CVE-2022-43552 CVE-2022-4450 CVE-2022-4899 CVE-2023-0215
                        CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                        CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533
                        CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------

The container rancher/elemental-builder-image/5.3 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165

This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
- econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter.
- libeconf: Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released: Mon Nov 21 14:34:09 2022
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released: Tue Feb 7 17:36:32 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:563-1
Released: Tue Feb 28 10:51:46 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207994

This update for openssl-1_1 fixes the following issues:

- FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789

This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:782-1
Released: Thu Mar 16 19:08:34 2023
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1208924,1208925,1208926

This update for libgcrypt fixes the following issues:

- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
- FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:783-1
Released: Thu Mar 16 19:09:03 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1208998

This update for openssl-1_1 fixes the following issues:

FIPS: Service-level indicator changes [bsc#1208998]

* Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1582-1
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1662-1
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References: 1203537

This update for patterns-base fixes the following issues:

- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1688-1
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899

This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079

This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1911-1
Released: Wed Apr 19 13:02:33 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- glibc-2.31-150300.46.1 updated
- libzstd1-1.5.0-150400.3.3.1 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.16-150400.8.25.7 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libgcrypt20-1.9.4-150400.6.8.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.8.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libjitterentropy3-3.4.0-150000.1.9.1 added
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- libsystemd0-249.16-150400.8.25.7 updated
- libopenssl1_1-1.1.1l-150400.7.34.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated
- patterns-base-fips-20200124-150400.20.4.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libcurl4-7.79.1-150400.5.18.1 updated
- permissions-20201225-150400.5.16.1 updated
- pam-1.3.0-150000.6.61.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- timezone-2023c-150000.75.23.1 updated
- systemd-rpm-macros-12-150000.7.30.1 updated
- systemd-249.16-150400.8.25.7 updated
- udev-249.16-150400.8.25.7 updated
- elemental-cli-0.2.5-150400.1.1 updated
- container:sles15-image-15.0.0-27.14.53 updated

From sle-updates at lists.suse.com Sat Apr 22 07:02:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Apr 2023 09:02:28 +0200 (CEST)
Subject: SUSE-CU-2023:1230-1: Security update of rancher/elemental-teal/5.3
Message-ID: <20230422070228.A330CF457@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-teal/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1230-1
Container Tags : rancher/elemental-teal/5.3:1.1.4 , rancher/elemental-teal/5.3:1.1.4-3.2.6 , rancher/elemental-teal/5.3:latest
Container Release : 3.2.6
Severity : important
Type : security
References : 1184124 1206195 1206439 1207571 1207957 1207975 1208079 1208358 1208432 1209188 1209624 1209873 1209878 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687
-----------------------------------------------------------------
The container rancher/elemental-teal/5.3 was updated.

The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released: Mon Jun 28 17:36:37 2021
Summary: Recommended update for thin-provisioning-tools
Type: recommended
Severity: moderate
References: 1184124

This update for thin-provisioning-tools fixes the following issues:

- Link as position-independent executable (bsc#1184124)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1717-1
Released: Fri Mar 31 15:18:35 2023
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1209188

This update of grub2 fixes the following issues:

- rebuild the package with the new secure boot key (bsc#1209188).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1745-1
Released: Tue Apr 4 09:05:23 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,CVE-2023-0464

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1779-1
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1208432

This update for systemd fixes the following issues:

- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:

This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1880-1
Released: Tue Apr 18 11:11:27 2023
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: low
References: 1208079

This update for systemd-rpm-macros fixes the following issue:

- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1885-1
Released: Tue Apr 18 11:15:17 2023
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1206195,1206439

This update for dracut fixes the following issues:

- Update to version 055+suse.335.gccf7fbc6:
  * Always include all drivers that LVM can use (bsc#1206195)
  * Require libopenssl1_1-hmac for dracut-fips (bsc#1206439)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1911-1
Released: Wed Apr 19 13:02:33 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
The following package changes have been done:

- glibc-2.31-150300.46.1 updated
- libudev1-249.16-150400.8.25.7 updated
- libaio1-0.3.109-1.25 added
- libsystemd0-249.16-150400.8.25.7 updated
- liblvm2cmd2_03-2.03.05-150400.185.1 added
- libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1 added
- elemental-dracut-config-0.10.6-150400.1.1 updated
- elemental-grub-config-0.10.6-150400.1.1 updated
- elemental-immutable-rootfs-0.10.6-150400.1.1 updated
- elemental-register-1.2.2-150400.1.1 updated
- elemental-support-1.2.2-150400.1.1 updated
- elemental-system-agent-0.3.2-150400.1.1 updated
- elemental-updater-1.1.4-150400.1.1 updated
- timezone-2023c-150000.75.23.1 updated
- thin-provisioning-tools-0.7.5-3.3.1 added
- systemd-rpm-macros-12-150000.7.30.1 updated
- device-mapper-2.03.05_1.02.163-150400.185.1 added
- grub2-2.06-150400.11.25.1 updated
- grub2-i386-pc-2.06-150400.11.25.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- libopenssl1_1-1.1.1l-150400.7.34.1 updated
- systemd-249.16-150400.8.25.7 updated
- libnm0-1.38.2-150400.3.2.3 updated
- udev-249.16-150400.8.25.7 updated
- systemd-sysvinit-249.16-150400.8.25.7 updated
- dracut-055+suse.335.gccf7fbc6-150400.3.19.1 updated
- lvm2-2.03.05-150400.185.1 added
- kernel-firmware-usb-network-20220509-150400.4.13.1 added
- kernel-firmware-realtek-20220509-150400.4.13.1 added
- kernel-firmware-qlogic-20220509-150400.4.13.1 added
- kernel-firmware-platform-20220509-150400.4.13.1 added
- kernel-firmware-network-20220509-150400.4.13.1 added
- kernel-firmware-mellanox-20220509-150400.4.13.1 added
- kernel-firmware-mediatek-20220509-150400.4.13.1 added
- kernel-firmware-marvell-20220509-150400.4.13.1 added
- kernel-firmware-liquidio-20220509-150400.4.13.1 added
- kernel-firmware-iwlwifi-20220509-150400.4.13.1 added
- kernel-firmware-intel-20220509-150400.4.13.1 added
- kernel-firmware-i915-20220509-150400.4.13.1 added
- kernel-firmware-chelsio-20220509-150400.4.13.1 added
- kernel-firmware-bnx2-20220509-150400.4.13.1 added
- NetworkManager-1.38.2-150400.3.2.3 updated
- kernel-firmware-ath10k-20220509-150400.4.13.1 added
- kernel-firmware-ath11k-20220509-150400.4.13.1 added
- kernel-firmware-atheros-20220509-150400.4.13.1 added
- kernel-firmware-bluetooth-20220509-150400.4.13.1 added
- kernel-firmware-brcm-20220509-150400.4.13.1 added
- kernel-firmware-dpaa2-20220509-150400.4.13.1 added
- kernel-firmware-media-20220509-150400.4.13.1 added
- kernel-firmware-mwifiex-20220509-150400.4.13.1 added
- kernel-firmware-nfp-20220509-150400.4.13.1 added
- kernel-firmware-nvidia-20220509-150400.4.13.1 added
- kernel-firmware-prestera-20220509-150400.4.13.1 added
- kernel-firmware-qcom-20220509-150400.4.13.1 added
- kernel-firmware-radeon-20220509-150400.4.13.1 added
- kernel-firmware-serial-20220509-150400.4.13.1 added
- kernel-firmware-sound-20220509-150400.4.13.1 added
- kernel-firmware-ti-20220509-150400.4.13.1 added
- kernel-firmware-ueagle-20220509-150400.4.13.1 added
- libpwquality1-1.4.4-150400.15.4 added
- systemd-presets-branding-Elemental-20230303-150400.1.1 updated
- kernel-firmware-all-20220509-150400.4.13.1 added
- cryptsetup-2.4.3-150400.1.110 added
- elemental-cli-0.2.5-150400.1.1 updated
- elemental-init-setup-0.10.6-150400.1.1 updated
- elemental-init-services-0.10.6-150400.1.1 updated
- elemental-init-recovery-0.10.6-150400.1.1 updated
- elemental-init-network-0.10.6-150400.1.1 updated
- elemental-init-live-0.10.6-150400.1.1 updated
- elemental-init-boot-assessment-0.10.6-150400.1.1 updated
- elemental-init-config-0.10.6-150400.1.1 updated
- elemental-toolkit-0.10.6-150400.1.1 updated
- elemental-1.1.4-150400.1.1 updated
- k9s-0.27.3-150400.1.1 updated
- container:micro-for-rancher-image-5.3.0-7.2.131 updated

From sle-updates at lists.suse.com Sat Apr 22 07:02:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 22 Apr 2023 09:02:30 +0200 (CEST)
Subject: SUSE-CU-2023:1231-1: Security update of
 rancher/elemental-operator/5.3
Message-ID: <20230422070230.BC8F5F457@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-operator/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1231-1
Container Tags : rancher/elemental-operator/5.3:1.2.2 , rancher/elemental-operator/5.3:1.2.2-3.2.2 , rancher/elemental-operator/5.3:latest
Container Release : 3.2.2
Severity : important
Type : security
References : 1121365 1177460 1177460 1180995 1190651 1190651 1190651 1190653 1190888 1193859 1194038 1194047 1198165 1198471 1198472 1199467 1200723 1201293 1201959 1202148 1202148 1202324 1202870 1203046 1203069 1203537 1203652 1203652 1203911 1204179 1204211 1204366 1204367 1204383 1204386 1204585 1204649 1204944 1204968 1205000 1205000 1205126 1205156 1205502 1205646 1206308 1206309 1207182 1207264 1207533 1207534 1207536 1207538 1207571 1207789 1207957 1207975 1207990 1207991 1207992 1207994 1208358 1208432 1208924 1208925 1208926 1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 CVE-2022-32221 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538
-----------------------------------------------------------------
The container rancher/elemental-operator/5.3 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:

This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870

This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released: Wed Oct 19 19:05:21 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released: Fri Oct 21 16:15:07 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Type: recommended
Severity: important
References: 1194047,1203911

This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released: Fri Nov 4 11:12:08 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651,1202148

This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:

- Update pam_motd to the most current version.
  (PED-1712)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released: Mon Nov 14 15:39:20 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility reasons
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165

This update for
libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kinds of spaces for delimiter.
  - libeconf: Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
  - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released: Mon Nov 21 14:34:09 2022
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released: Thu Nov 24 15:53:48 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1190651

This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released: Tue Feb 7 17:36:32 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:429-1
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

This update for curl fixes the following issues:

- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:464-1
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes. This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. 
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). 
The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - permissions-20201225-150400.5.16.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - util-linux-2.37.2-150400.8.14.1 updated - timezone-2023c-150000.75.23.1 updated - container:sles15-image-15.0.0-27.14.53 updated - elemental-operator-1.0.2-150400.1.2 removed From sle-updates at lists.suse.com Sat Apr 22 07:04:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:04:16 +0200 (CEST) Subject: SUSE-CU-2023:1234-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230422070416.19598F457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1234-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.112 , suse/sle-micro/5.3/toolbox:latest Container Release 
: 5.2.112 Severity : critical Type : security References : 1121365 1177460 1177460 1178233 1180995 1190651 1190651 1190651 1190653 1190888 1193859 1194047 1194530 1198165 1198471 1198472 1199467 1201293 1201590 1202148 1202148 1202324 1202750 1202870 1203046 1203069 1203248 1203249 1203537 1203652 1203652 1203681 1203715 1203911 1204244 1204256 1204357 1204366 1204367 1204383 1204386 1204548 1204585 1204649 1204956 1205126 1205156 1205502 1205570 1205636 1206308 1206309 1206337 1206412 1206579 1206949 1207182 1207294 1207533 1207534 1207536 1207538 1207789 1207990 1207991 1207992 1207994 1208924 1208925 1208926 1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 CVE-2022-32221 CVE-2022-3515 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a 
week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended 
Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following 
issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. 
This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). 
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. 
* America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). The following package changes have been done: - glibc-2.31-150300.46.1 updated - krb5-1.19.2-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libksba8-1.3.5-150000.4.6.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsolv-tools-0.7.23-150400.3.3.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-249.16-150400.8.25.7 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libz1-1.2.11-150000.3.39.1 updated - libzck1-1.1.16-150400.3.2.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - 
libzypp-17.31.8-150400.3.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - pam-1.3.0-150000.6.61.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - permissions-20201225-150400.5.16.1 updated - procps-3.3.15-150000.7.28.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150400.10.3.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.37.2-150400.8.14.1 updated - zypper-1.14.59-150400.3.12.2 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Sat Apr 22 07:04:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:04:44 +0200 (CEST) Subject: SUSE-CU-2023:1236-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230422070444.0F2BCF457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1236-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.9 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.9 Severity : critical Type : security References : 1121365 1177460 1177460 1178233 1180995 1190651 1190651 1190651 1190653 1190888 1193859 1194047 1194530 1198165 1198471 1198472 1199467 1201293 1201590 1202148 1202148 1202324 1202750 1202870 1203046 1203069 1203248 1203249 1203537 1203652 1203652 1203681 1203715 1203911 1204244 1204256 1204357 1204366 1204367 1204383 1204386 1204548 1204585 1204649 1204956 1205126 1205156 1205570 1205636 1206308 1206309 1206337 1206412 1206579 1206949 1207182 1207294 1207533 1207534 1207536 1207538 1207789 1207990 1207991 1207992 1207994 1208924 1208925 1208926 1208998 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 CVE-2021-22569 CVE-2022-1941 CVE-2022-3171 CVE-2022-32221 CVE-2022-3515 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 
CVE-2022-43551 CVE-2022-43552 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2022-4899 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). 
[bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a 
week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: 
moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:563-1 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207994 This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1208924,1208925,1208926 This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: 
Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:783-1 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1208998 This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. 
This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. 
- ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. 
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). 
The following package changes have been done: - glibc-2.31-150300.46.1 updated - krb5-1.19.2-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libcurl4-7.79.1-150400.5.18.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgcrypt20-hmac-1.9.4-150400.6.8.1 updated - libgcrypt20-1.9.4-150400.6.8.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 added - libksba8-1.3.5-150000.4.6.1 updated - libmount1-2.37.2-150400.8.14.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libsolv-tools-0.7.23-150400.3.3.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.16-150400.8.25.7 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-249.16-150400.8.25.7 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.14.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libz1-1.2.11-150000.3.39.1 updated - libzck1-1.1.16-150400.3.2.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libzypp-17.31.8-150400.3.14.1 updated - login_defs-4.8.1-150400.10.3.1 updated - openssl-1_1-1.1.1l-150400.7.34.1 updated - pam-1.3.0-150000.6.61.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - permissions-20201225-150400.5.16.1 updated - procps-3.3.15-150000.7.28.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150400.10.3.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.37.2-150400.8.14.1 updated - zypper-1.14.59-150400.3.12.2 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Sat Apr 22 07:06:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: 
Sat, 22 Apr 2023 09:06:55 +0200 (CEST) Subject: SUSE-CU-2023:1237-1: Recommended update of suse/sle15 Message-ID: <20230422070655.41730F457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1237-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.126 , suse/sle15:15.3 , suse/sle15:15.3.17.20.126 Container Release : 17.20.126 Severity : moderate Type : recommended References : 1203599 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) The following package changes have been done: - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated From sle-updates at lists.suse.com Sat Apr 22 07:07:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:07:41 +0200 (CEST) Subject: SUSE-CU-2023:1238-1: Recommended update of suse/389-ds Message-ID: <20230422070741.95F3CF457@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1238-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.13 , suse/389-ds:latest Container Release : 21.13 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - mozilla-nss-tools-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated From sle-updates at lists.suse.com Sat Apr 22 07:08:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:08:31 +0200 (CEST) Subject: SUSE-CU-2023:1239-1: Security update of bci/dotnet-aspnet Message-ID: <20230422070831.21AAEF457@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1239-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.10 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.10 Container Release : 31.10 Severity : moderate Type : security References : 1208529 1209873 1209878 CVE-2023-0465 CVE-2023-0466 ----------------------------------------------------------------- The container bci/dotnet-aspnet 
was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they don't get orphaned on system upgrades. (bsc#1208529) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.34.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.34.1 updated - sles-release-15.4-150400.58.7.3 updated - container:sles15-image-15.0.0-27.14.53 updated From sle-updates at lists.suse.com Sat Apr 22 07:09:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:09:31 +0200 (CEST) Subject: SUSE-CU-2023:1240-1: Recommended update of bci/openjdk-devel Message-ID: <20230422070931.35D6CF457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1240-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.71 Container Release : 39.71 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container bci/openjdk-devel was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated - container:bci-openjdk-11-15.4.11-35.36 updated From sle-updates at lists.suse.com Sat Apr 22 07:10:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:10:18 +0200 (CEST) Subject: SUSE-CU-2023:1241-1: Recommended update of bci/openjdk Message-ID: <20230422071018.AAB20F457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1241-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.36 Container Release : 35.36 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated From sle-updates at lists.suse.com Sat Apr 22 07:10:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:10:47 +0200 (CEST) Subject: SUSE-CU-2023:1242-1: Recommended update of bci/openjdk-devel Message-ID: <20230422071047.1B4FAF457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1242-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.70 , bci/openjdk-devel:latest Container Release : 14.70 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated - container:bci-openjdk-17-15.4.17-13.37 updated From sle-updates at lists.suse.com Sat Apr 22 07:11:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:11:07 +0200 (CEST) Subject: SUSE-CU-2023:1243-1: Recommended update of bci/openjdk Message-ID: <20230422071107.E0C9AF457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1243-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.37 , bci/openjdk:latest Container Release : 13.37 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated From sle-updates at lists.suse.com Sat Apr 22 07:12:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 22 Apr 2023 09:12:09 +0200 (CEST) Subject: SUSE-CU-2023:1244-1: Recommended update of suse/pcp Message-ID: <20230422071209.87873F457@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1244-1 Container Tags : suse/pcp:5 , suse/pcp:5-14.18 , suse/pcp:5.2 , suse/pcp:5.2-14.18 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.18 , suse/pcp:latest Container Release : 14.18 Severity : moderate Type : recommended References : 1191546 1207209 1208242 1208999 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) The following package changes have been done: - libfreebl3-3.79.4-150400.3.29.1 updated - libfreebl3-hmac-3.79.4-150400.3.29.1 updated - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - libsoftokn3-hmac-3.79.4-150400.3.29.1 updated From sle-updates at lists.suse.com Sun Apr 23 07:03:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 23 Apr 2023 09:03:39 +0200 (CEST) Subject: SUSE-CU-2023:1261-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230423070339.E3394F79F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1261-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.377 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.377 Severity : critical Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1121365 1123685 1125007 1167864 1177460 1177460 1178233 
1180995 1181475 1181961 1189282 1189802 1194530 1194550 1195773 1196125 1197684 1198341 1198472 1198627 1198752 1198925 1199042 1199467 1199492 1199895 1200800 1200993 1201092 1201225 1201576 1201638 1201680 1201783 1201972 1201978 1202175 1202310 1202324 1202593 1202750 1202812 1203018 1203046 1203248 1203249 1203599 1203649 1203652 1203652 1203681 1203715 1203911 1204137 1204256 1204357 1204366 1204367 1204383 1204548 1204585 1204649 1204956 1205126 1205156 1205570 1205636 1206309 1206337 1206412 1206579 1206738 1206949 1207294 1207533 1207534 1207536 1207538 1207992 1209209 1209210 1209211 1209212 1209214 1209624 1209873 1209878 CVE-2016-3709 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-36690 CVE-2021-46828 CVE-2022-1941 CVE-2022-29458 CVE-2022-2990 CVE-2022-31252 CVE-2022-3171 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-43552 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). 
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 
1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. 
Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. 
Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always built on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No code changes were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.
zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). 
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released:    Mon Sep 26 16:05:19 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1203018,CVE-2022-31252
This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3565-1
Released:    Tue Oct 11 16:17:38 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    critical
References:  1189282,1201972,1203649
This update for libzypp, zypper fixes the following issues:

libzypp:

- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:

- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP
  status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released:    Fri Oct 21 11:48:39 2022
Summary:     Security update for libksba
Type:        security
Severity:    critical
References:  1204357,CVE-2022-3515
This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released:    Wed Oct 26 11:38:01 2022
Summary:     Security update for buildah
Type:        security
Severity:    important
References:  1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990
This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

  * run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

  * Don't try to call runLabelStdioPipes if spec.Linux is not set
  * build: support filtering cache by duration using --cache-ttl
  * build: support building from commit when using git repo as build context
  * build: clean up git repos correctly when using subdirs
  * integration tests: quote '?'
    in shell scripts
  * test: manifest inspect should have OCIv1 annotation
  * vendor: bump to c/common at 87fab4b7019a
  * Failure to determine a file or directory should print an error
  * refactor: remove unused CommitOptions from generateBuildOutput
  * stage_executor: generate output for cases with no commit
  * stage_executor, commit: output only if last stage in build
  * Use errors.Is() instead of os.Is{Not,}Exist
  * Minor test tweak for podman-remote compatibility
  * Cirrus: Use the latest imgts container
  * imagebuildah: complain about the right Dockerfile
  * tests: don't try to wrap `nil` errors
  * cmd/buildah.commitCmd: don't shadow 'err'
  * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
  * Fix a copy/paste error message
  * Fix a typo in an error message
  * build,cache: support pulling/pushing cache layers to/from remote sources
  * Update vendor of containers/(common, storage, image)
  * Rename chroot/run.go to chroot/run_linux.go
  * Don't bother telling codespell to skip files that don't exist
  * Set user namespace defaults correctly for the library
  * imagebuildah: optimize cache hits for COPY and ADD instructions
  * Cirrus: Update VM images w/ updated bats
  * docs, run: show SELinux label flag for cache and bind mounts
  * imagebuildah, build: remove undefined concurrent writes
  * bump github.com/opencontainers/runtime-tools
  * Add FreeBSD support for 'buildah info'
  * Vendor in latest containers/(storage, common, image)
  * Add freebsd cross build targets
  * Make the jail package build on 32bit platforms
  * Cirrus: Ensure the build-push VM image is labeled
  * GHA: Fix dynamic script filename
  * Vendor in containers/(common, storage, image)
  * Run codespell
  * Remove import of github.com/pkg/errors
  * Avoid using cgo in pkg/jail
  * Rename footypes to fooTypes for naming consistency
  * Move cleanupTempVolumes and cleanupRunMounts to run_common.go
  * Make the various run mounts work for FreeBSD
  * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
  * Move runSetupRunMounts to
    run_common.go
  * Move cleanableDestinationListFromMounts to run_common.go
  * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
  * Move setupMounts and runSetupBuiltinVolumes to run_common.go
  * Tidy up - runMakeStdioPipe can't be shared with linux
  * Move runAcceptTerminal to run_common.go
  * Move stdio copying utilities to run_common.go
  * Move runUsingRuntime and runCollectOutput to run_common.go
  * Move fileCloser, waitForSync and contains to run_common.go
  * Move checkAndOverrideIsolationOptions to run_common.go
  * Move DefaultNamespaceOptions to run_common.go
  * Move getNetworkInterface to run_common.go
  * Move configureEnvironment to run_common.go
  * Don't crash in configureUIDGID if Process.Capabilities is nil
  * Move configureUIDGID to run_common.go
  * Move runLookupPath to run_common.go
  * Move setupTerminal to run_common.go
  * Move etc file generation utilities to run_common.go
  * Add run support for FreeBSD
  * Add a simple FreeBSD jail library
  * Add FreeBSD support to pkg/chrootuser
  * Sync call signature for RunUsingChroot with chroot/run.go
  * test: verify feature to resolve basename with args
  * vendor: bump openshift/imagebuilder to master at 4151e43
  * GHA: Remove required reserved-name use
  * buildah: set XDG_RUNTIME_DIR before setting default runroot
  * imagebuildah: honor build output even if build container is not committed
  * chroot: honor DefaultErrnoRet
  * [CI:DOCS] improve pull-policy documentation
  * tests: retrofit test since --file does not support dir
  * Switch to golang native error wrapping
  * BuildDockerfiles: error out if path to containerfile is a directory
  * define.downloadToDirectory: fail early if bad HTTP response
  * GHA: Allow re-use of Cirrus-Cron fail-mail workflow
  * add: fail on bad http response instead of writing to container
  * [CI:DOCS] Update buildahimage comment
  * lint: inspectable is never nil
  * vendor: c/common to common at 7e1563b
  * build: support OCI hooks for ephemeral build containers
  * [CI:BUILD] Install latest buildah instead of
    compiling
  * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
  * Make sure cpp is installed in buildah images
  * demo: use unshare for rootless invocations
  * buildah.spec.rpkg: initial addition
  * build: fix test for subid 4
  * build, userns: add support for --userns=auto
  * Fix building upstream buildah image
  * Remove redundant buildahimages-are-sane validation
  * Docs: Update multi-arch buildah images readme
  * Cirrus: Migrate multiarch build off github actions
  * retrofit-tests: we skip unused stages so use stages
  * stage_executor: don't rely on stage while looking for additional-context
  * buildkit, multistage: skip computing unwanted stages
  * More test cleanup
  * copier: work around freebsd bug for 'mkdir /'
  * Replace $BUILDAH_BINARY with buildah() function
  * Fix up buildah images
  * Make util and copier build on FreeBSD
  * Vendor in latest github.com/sirupsen/logrus
  * Makefile: allow building without .git
  * run_unix: don't return an error from getNetworkInterface
  * run_unix: return a valid DefaultNamespaceOptions
  * Update vendor of containers/storage
  * chroot: use ActKillThread instead of ActKill
  * use resolvconf package from c/common/libnetwork
  * update c/common to latest main
  * copier: add `NoOverwriteNonDirDir` option
  * Sort buildoptions and move cli/build functions to internal
  * Fix TODO: de-spaghettify run mounts
  * Move options parsing out of build.go and into pkg/cli
  * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
  * build, multiarch: support splitting build logs for --platform
  * [CI:BUILD] WIP Cleanup Image Dockerfiles
  * cli remove stutter
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * Fix use generic/ambiguous DEBUG name
  * Cirrus: use Ubuntu 22.04 LTS
  * Fix codespell errors
  * Remove util.StringInSlice because it is defined in containers/common
  * buildah: add support for renaming a device in rootless setups
  * squash: never use build cache when computing
    last step of last stage
  * Update vendor of containers/(common, storage, image)
  * buildkit: supports additionalBuildContext in builds via --build-context
  * buildah source pull/push: show progress bar
  * run: allow reusing secret twice in different RUN steps
  * test helpers: default to being rootless-aware
  * Add --cpp-flag flag to buildah build
  * build: accept branch and subdirectory when context is git repo
  * Vendor in latest containers/common
  * vendor: update c/storage and c/image
  * Fix gentoo install docs
  * copier: move NSS load to new process
  * Add test for prevention of reusing encrypted layers
  * Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

  * build, multiarch: support splitting build logs for --platform
  * copier: add `NoOverwriteNonDirDir` option
  * docker-parity: ignore sanity check if baseImage history is null
  * build, commit: allow disabling image history with --omit-history
  * buildkit: supports additionalBuildContext in builds via --build-context
  * Add --cpp-flag flag to buildah build

Update to version 1.26.3:

  * define.downloadToDirectory: fail early if bad HTTP response
  * add: fail on bad http response instead of writing to container
  * squash: never use build cache when computing last step of last stage
  * run: allow reusing secret twice in different RUN steps
  * integration tests: update expected error messages
  * integration tests: quote '?' in shell scripts
  * Use errors.Is() to check for storage errors
  * lint: inspectable is never nil
  * chroot: use ActKillThread instead of ActKill
  * chroot: honor DefaultErrnoRet
  * Set user namespace defaults correctly for the library
  * contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2:

  * buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

  * Make `buildah build --label foo` create an empty 'foo' label again
  * imagebuildah,build: move deepcopy of args before we spawn goroutine
  * Vendor in containers/storage v1.40.2
  * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
  * help output: get more consistent about option usage text
  * Handle OS version and features flags
  * buildah build: --annotation and --label should remove values
  * buildah build: add a --env
  * buildah: deep copy options.Args before performing concurrent build/stage
  * test: inline platform and builtinargs behaviour
  * vendor: bump imagebuilder to master/009dbc6
  * build: automatically set correct TARGETPLATFORM where expected
  * Vendor in containers/(common, storage, image)
  * imagebuildah, executor: process arg variables while populating baseMap
  * buildkit: add support for custom build output with --output
  * Cirrus: Update CI VMs to F36
  * fix staticcheck linter warning for deprecated function
  * Fix docs build on FreeBSD
  * copier.unwrapError(): update for Go 1.16
  * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
  * copier.Put(): write to read-only directories
  * Ed's periodic test cleanup
  * using consistent lowercase 'invalid' word in returned err msg
  * use etchosts package from c/common
  * run: set actual hostname in /etc/hostname to match docker parity
  * Update vendor of containers/(common,storage,image)
  * manifest-create: allow creating manifest list from local image
  * Update vendor of storage,common,image
  * Initialize network backend before first pull
  * oci spec: change special mount points for namespaces
  * tests/helpers.bash: assert handle corner cases correctly
  * buildah: actually use containers.conf settings
  * integration tests: learn to start a dummy registry
  * Fix error check to work on Podman
  * buildah build should accept at most one arg
  * tests: reduce concurrency for flaky
    bud-multiple-platform-no-run
  * vendor in latest containers/common,image,storage
  * manifest-add: allow override arch,variant while adding image
  * Remove a stray `\` from .containerenv
  * Vendor in latest opencontainers/selinux v1.10.1
  * build, commit: allow removing default identity labels
  * Create shorter names for containers based on image IDs
  * test: skip rootless on cgroupv2 in root env
  * fix hang when oci runtime fails
  * Set permissions for GitHub actions
  * copier test: use correct UID/GID in test archives
  * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released:    Wed Oct 26 12:19:29 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,CVE-2022-32221
This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released:    Wed Oct 26 14:06:43 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1203911,1204137
This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't
  properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released:    Fri Nov 4 13:26:29 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released:    Tue Nov 8 10:50:06 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1180995,1203046
This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov 8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released:    Wed Nov 9 09:03:33 2022
Summary:     Security update for protobuf
Type:        security
Severity:    important
References:  1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released:    Wed Dec 28 09:32:15 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1206309,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan 5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06
    with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023,
  so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan 9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan 9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released:    Thu Jan 26 20:56:20 2023
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1206738
This update for permissions fixes the following issues:

Update to version 20181225:

  * Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652
  due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released:    Fri Jan 27 14:26:54 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released:    Tue Feb 7 17:35:34 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released:    Wed Mar 8 14:33:23 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:714-1
Released:    Mon Mar 13 10:53:25 2023
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1207294
This update for rpm fixes the following issues:

- Fix missing python(abi) for 3.XX versions (bsc#1207294)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:786-1
Released:    Thu Mar 16 19:36:09 2023
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:

- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when
  accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well.
  To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used.
  This will update the installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed.
  This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed,
  relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar
  metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
  A remove command which prefers replacing dependant packages to removing them as well.
  A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant
  packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the
  remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official
  update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released:    Fri Mar 31 13:33:04 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:

- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1790-1
Released:    Thu Apr 6 15:36:15 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released:    Tue Apr 11 10:12:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:
This update for timezone fixes the following issues:

- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1945-1
Released:    Fri Apr 21 14:13:27 2023
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  1203599
This update for elfutils fixes the following issues:

- go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177.
  (bsc#1203599)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.46.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- krb5-1.19.2-150300.10.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libcurl4-7.66.0-150200.4.52.1 updated
- libdw1-0.177-150300.11.6.1 updated
- libebl-plugins-0.177-150300.11.6.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libelf1-0.177-150300.11.6.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated
- libopenssl1_1-1.1.1d-150200.11.62.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsolv-tools-0.7.23-150200.15.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.54.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libzypp-17.31.8-150200.50.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.62.1 updated
- pam-1.3.0-150000.6.61.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- rpm-ndb-4.14.3-150300.55.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2023c-150000.75.23.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- zypper-1.14.59-150200.42.2 updated
- container:sles15-image-15.0.0-17.20.126 updated

From sle-updates at lists.suse.com Sun Apr 23 07:04:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 23 Apr 2023 09:04:06 +0200 (CEST)
Subject: SUSE-CU-2023:1262-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20230423070406.622C2F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1262-1
Container Tags        : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.199 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 6.2.199
Severity              : critical
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390
                        1107066 1107067 1111973 1112723 1112726 1121365 1123685 1125007 1167864 1177460
                        1177460 1178233 1180995 1181475 1181961 1189282 1189802 1194530 1194550 1195773
                        1196125 1197684 1198341 1198472 1198627 1198752 1198925 1199042 1199467 1199492
                        1199895 1200800 1200993 1201092 1201225 1201576 1201638 1201680 1201783 1201972
                        1201978 1202175 1202310 1202324 1202593 1202750 1202812 1203018 1203046 1203248
                        1203249 1203599 1203649 1203652 1203652 1203681 1203715 1203911 1204137 1204256
                        1204357 1204366 1204367 1204383 1204548 1204585 1204649 1204956 1205126 1205156
                        1205570 1205636 1206309 1206337 1206412 1206579 1206738 1206949 1207294 1207533
                        1207534 1207536 1207538 1207992 1209209 1209210 1209211 1209212 1209214 1209624
                        1209873 1209878 CVE-2016-3709 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
                        CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062
                        CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521
                        CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
                        CVE-2019-7665 CVE-2020-10696 CVE-2021-20206 CVE-2021-22569 CVE-2021-36690
                        CVE-2021-46828 CVE-2022-1941 CVE-2022-29458 CVE-2022-2990 CVE-2022-31252
                        CVE-2022-3171 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252
                        CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898
                        CVE-2022-4304 CVE-2022-43552 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629
                        CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466
                        CVE-2023-23916 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536
                        CVE-2023-27538
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed
  at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. 
- Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle multiple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz.
In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. 
--debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. 
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. 
(bsc#1198925) No code changes were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude IPv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignment (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3223-1 Released: Fri Sep 9 04:33:35 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader.
Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3276-1 Released: Thu Sep 15 06:15:29 2022 Summary: This update fixes the following issues: Type: recommended Severity: moderate References: Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3394-1 Released: Mon Sep 26 16:05:19 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. 
(bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3565-1 Released: Tue Oct 11 16:17:38 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical References: 1189282,1201972,1203649 This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor-specific directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor-specific directory '/usr/etc/logrotate.d' if so defined ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3766-1 Released: Wed Oct 26 11:38:01 2022 Summary: Security update for buildah Type: security Severity: important References: 1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812 Buildah was updated to version 1.27.1: * run: add container gid to additional groups - Add fix for CVE-2022-2990 / bsc#1202812 Update to version 1.27.0: * Don't try to call runLabelStdioPipes if spec.Linux is not set * build: support filtering cache by duration using --cache-ttl * build: support building from commit when using git repo as build context * build: clean up git repos correctly when using subdirs * integration tests: quote '?' 
in shell scripts * test: manifest inspect should have OCIv1 annotation * vendor: bump to c/common at 87fab4b7019a * Failure to determine a file or directory should print an error * refactor: remove unused CommitOptions from generateBuildOutput * stage_executor: generate output for cases with no commit * stage_executor, commit: output only if last stage in build * Use errors.Is() instead of os.Is{Not,}Exist * Minor test tweak for podman-remote compatibility * Cirrus: Use the latest imgts container * imagebuildah: complain about the right Dockerfile * tests: don't try to wrap `nil` errors * cmd/buildah.commitCmd: don't shadow 'err' * cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig * Fix a copy/paste error message * Fix a typo in an error message * build,cache: support pulling/pushing cache layers to/from remote sources * Update vendor of containers/(common, storage, image) * Rename chroot/run.go to chroot/run_linux.go * Don't bother telling codespell to skip files that don't exist * Set user namespace defaults correctly for the library * imagebuildah: optimize cache hits for COPY and ADD instructions * Cirrus: Update VM images w/ updated bats * docs, run: show SELinux label flag for cache and bind mounts * imagebuildah, build: remove undefined concurrent writes * bump github.com/opencontainers/runtime-tools * Add FreeBSD support for 'buildah info' * Vendor in latest containers/(storage, common, image) * Add freebsd cross build targets * Make the jail package build on 32bit platforms * Cirrus: Ensure the build-push VM image is labeled * GHA: Fix dynamic script filename * Vendor in containers/(common, storage, image) * Run codespell * Remove import of github.com/pkg/errors * Avoid using cgo in pkg/jail * Rename footypes to fooTypes for naming consistency * Move cleanupTempVolumes and cleanupRunMounts to run_common.go * Make the various run mounts work for FreeBSD * Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go * Move runSetupRunMounts to 
run_common.go * Move cleanableDestinationListFromMounts to run_common.go * Make setupMounts and runSetupBuiltinVolumes work on FreeBSD * Move setupMounts and runSetupBuiltinVolumes to run_common.go * Tidy up - runMakeStdioPipe can't be shared with linux * Move runAcceptTerminal to run_common.go * Move stdio copying utilities to run_common.go * Move runUsingRuntime and runCollectOutput to run_common.go * Move fileCloser, waitForSync and contains to run_common.go * Move checkAndOverrideIsolationOptions to run_common.go * Move DefaultNamespaceOptions to run_common.go * Move getNetworkInterface to run_common.go * Move configureEnvironment to run_common.go * Don't crash in configureUIDGID if Process.Capabilities is nil * Move configureUIDGID to run_common.go * Move runLookupPath to run_common.go * Move setupTerminal to run_common.go * Move etc file generation utilities to run_common.go * Add run support for FreeBSD * Add a simple FreeBSD jail library * Add FreeBSD support to pkg/chrootuser * Sync call signature for RunUsingChroot with chroot/run.go * test: verify feature to resolve basename with args * vendor: bump openshift/imagebuilder to master at 4151e43 * GHA: Remove required reserved-name use * buildah: set XDG_RUNTIME_DIR before setting default runroot * imagebuildah: honor build output even if build container is not committed * chroot: honor DefaultErrnoRet * [CI:DOCS] improve pull-policy documentation * tests: retrofit test since --file does not support dir * Switch to golang native error wrapping * BuildDockerfiles: error out if path to containerfile is a directory * define.downloadToDirectory: fail early if bad HTTP response * GHA: Allow re-use of Cirrus-Cron fail-mail workflow * add: fail on bad http response instead of writing to container * [CI:DOCS] Update buildahimage comment * lint: inspectable is never nil * vendor: c/common to common at 7e1563b * build: support OCI hooks for ephemeral build containers * [CI:BUILD] Install latest buildah instead of
compiling * Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED] * Make sure cpp is installed in buildah images * demo: use unshare for rootless invocations * buildah.spec.rpkg: initial addition * build: fix test for subid 4 * build, userns: add support for --userns=auto * Fix building upstream buildah image * Remove redundant buildahimages-are-sane validation * Docs: Update multi-arch buildah images readme * Cirrus: Migrate multiarch build off github actions * retrofit-tests: we skip unused stages so use stages * stage_executor: dont rely on stage while looking for additional-context * buildkit, multistage: skip computing unwanted stages * More test cleanup * copier: work around freebsd bug for 'mkdir /' * Replace $BUILDAH_BINARY with buildah() function * Fix up buildah images * Make util and copier build on FreeBSD * Vendor in latest github.com/sirupsen/logrus * Makefile: allow building without .git * run_unix: don't return an error from getNetworkInterface * run_unix: return a valid DefaultNamespaceOptions * Update vendor of containers/storage * chroot: use ActKillThread instead of ActKill * use resolvconf package from c/common/libnetwork * update c/common to latest main * copier: add `NoOverwriteNonDirDir` option * Sort buildoptions and move cli/build functions to internal * Fix TODO: de-spaghettify run mounts * Move options parsing out of build.go and into pkg/cli * [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps * build, multiarch: support splitting build logs for --platform * [CI:BUILD] WIP Cleanup Image Dockerfiles * cli remove stutter * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * Fix use generic/ambiguous DEBUG name * Cirrus: use Ubuntu 22.04 LTS * Fix codespell errors * Remove util.StringInSlice because it is defined in containers/common * buildah: add support for renaming a device in rootless setups * squash: never use build cache when computing 
last step of last stage * Update vendor of containers/(common, storage, image) * buildkit: supports additionalBuildContext in builds via --build-context * buildah source pull/push: show progress bar * run: allow reusing secret twice in different RUN steps * test helpers: default to being rootless-aware * Add --cpp-flag flag to buildah build * build: accept branch and subdirectory when context is git repo * Vendor in latest containers/common * vendor: update c/storage and c/image * Fix gentoo install docs * copier: move NSS load to new process * Add test for prevention of reusing encrypted layers * Make `buildah build --label foo` create an empty 'foo' label again Update to version 1.26.4: * build, multiarch: support splitting build logs for --platform * copier: add `NoOverwriteNonDirDir` option * docker-parity: ignore sanity check if baseImage history is null * build, commit: allow disabling image history with --omit-history * buildkit: supports additionalBuildContext in builds via --build-context * Add --cpp-flag flag to buildah build Update to version 1.26.3: * define.downloadToDirectory: fail early if bad HTTP response * add: fail on bad http response instead of writing to container * squash: never use build cache when computing last step of last stage * run: allow reusing secret twice in different RUN steps * integration tests: update expected error messages * integration tests: quote '?' in shell scripts * Use errors.Is() to check for storage errors * lint: inspectable is never nil * chroot: use ActKillThread instead of ActKill * chroot: honor DefaultErrnoRet * Set user namespace defaults correctly for the library * contrib/rpm/buildah.spec: fix `rpm` parser warnings Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux. - Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.
Update to version 1.26.2: * buildah: add support for renaming a device in rootless setups Update to version 1.26.1: * Make `buildah build --label foo` create an empty 'foo' label again * imagebuildah,build: move deepcopy of args before we spawn goroutine * Vendor in containers/storage v1.40.2 * buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated * help output: get more consistent about option usage text * Handle OS version and features flags * buildah build: --annotation and --label should remove values * buildah build: add a --env * buildah: deep copy options.Args before performing concurrent build/stage * test: inline platform and builtinargs behaviour * vendor: bump imagebuilder to master/009dbc6 * build: automatically set correct TARGETPLATFORM where expected * Vendor in containers/(common, storage, image) * imagebuildah, executor: process arg variables while populating baseMap * buildkit: add support for custom build output with --output * Cirrus: Update CI VMs to F36 * fix staticcheck linter warning for deprecated function * Fix docs build on FreeBSD * copier.unwrapError(): update for Go 1.16 * copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit * copier.Put(): write to read-only directories * Ed's periodic test cleanup * using consistent lowercase 'invalid' word in returned err msg * use etchosts package from c/common * run: set actual hostname in /etc/hostname to match docker parity * Update vendor of containers/(common,storage,image) * manifest-create: allow creating manifest list from local image * Update vendor of storage,common,image * Initialize network backend before first pull * oci spec: change special mount points for namespaces * tests/helpers.bash: assert handle corner cases correctly * buildah: actually use containers.conf settings * integration tests: learn to start a dummy registry * Fix error check to work on Podman * buildah build should accept at most one arg * tests: reduce concurrency for flaky 
bud-multiple-platform-no-run * vendor in latest containers/common,image,storage * manifest-add: allow override arch,variant while adding image * Remove a stray `\` from .containerenv * Vendor in latest opencontainers/selinux v1.10.1 * build, commit: allow removing default identity labels * Create shorter names for containers based on image IDs * test: skip rootless on cgroupv2 in root env * fix hang when oci runtime fails * Set permissions for GitHub actions * copier test: use correct UID/GID in test archives * run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3773-1 Released: Wed Oct 26 12:19:29 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,CVE-2022-32221 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3776-1 Released: Wed Oct 26 14:06:43 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1203911,1204137 This update for permissions fixes the following issues: - Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137) - Fix regression introduced by backport of security fix (bsc#1203911) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3871-1 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). 
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3901-1 Released: Tue Nov 8 10:50:06 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1180995,1203046 This update for openssl-1_1 fixes the following issues: - Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995) - Fix memory leaks (bsc#1203046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). 
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 
1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:176-1 Released: Thu Jan 26 20:56:20 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1206738 This update for permissions fixes the following issues: Update to version 20181225: * Backport postfix permissions to SLE 15 SP2 (bsc#1206738) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 
due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:198-1 Released: Fri Jan 27 14:26:54 2023 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:310-1 Released: Tue Feb 7 17:35:34 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). 
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:676-1 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. 
This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well.
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. 
(bsc#1203599) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - glibc-2.31-150300.46.1 updated - gpg2-2.2.27-150300.3.5.1 updated - krb5-1.19.2-150300.10.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libblkid1-2.36.2-150300.4.32.1 updated - libcurl4-7.66.0-150200.4.52.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.32.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.10.1 updated - libgpg-error0-1.42-150300.9.3.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated - libmount1-2.36.2-150300.4.32.1 updated - libncurses6-6.1-150000.5.12.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.62.1 updated - libopenssl1_1-1.1.1d-150200.11.62.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.36.2-150300.4.32.1 updated - libsolv-tools-0.7.23-150200.15.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-246.16-150300.7.57.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.36.2-150300.4.32.1 updated - libxml2-2-2.9.7-150000.3.54.1 updated - libz1-1.2.11-150000.3.39.1 updated - libzypp-17.31.8-150200.50.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - openssl-1_1-1.1.1d-150200.11.62.1 updated - pam-1.3.0-150000.6.61.1 updated - perl-base-5.26.1-150300.17.11.1 updated - permissions-20181225-150200.23.23.1 updated - procps-3.3.15-150000.7.28.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - terminfo-base-6.1-150000.5.12.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.36.2-150300.4.32.1 
updated - zypper-1.14.59-150200.42.2 updated - container:sles15-image-15.0.0-17.20.126 updated From sle-updates at lists.suse.com Mon Apr 24 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 08:30:01 -0000 Subject: SUSE-RU-2023:1952-1: low: Recommended update for crash Message-ID: <168232500162.26670.5778291488531921329@smelt2.suse.de> # Recommended update for crash Announcement ID: SUSE-RU-2023:1952-1 Rating: low References: * #1205681 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for crash fixes the following issues: * crash-devel requires zlib-devel (bsc#1205681) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1952=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1952=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * crash-devel-7.3.0-150400.3.5.8 * crash-doc-7.3.0-150400.3.5.8 * crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-eppic-debuginfo-7.3.0-150400.3.5.8 * crash-eppic-7.3.0-150400.3.5.8 * crash-debuginfo-7.3.0-150400.3.5.8 * crash-debugsource-7.3.0-150400.3.5.8 * crash-kmp-default-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-7.3.0-150400.3.5.8 * openSUSE Leap 15.4 (x86_64) * crash-gcore-7.3.0-150400.3.5.8 * crash-gcore-debuginfo-7.3.0-150400.3.5.8 * openSUSE Leap 15.4 (aarch64) * crash-kmp-64kb-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * crash-devel-7.3.0-150400.3.5.8 * crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-debuginfo-7.3.0-150400.3.5.8 * crash-debugsource-7.3.0-150400.3.5.8 * crash-kmp-default-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-7.3.0-150400.3.5.8 * Development Tools Module 15-SP4 (aarch64) * crash-kmp-64kb-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 * crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.49-150400.3.5.8 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205681
From sle-updates at lists.suse.com Mon Apr 24 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:1960-1: moderate: Security update for openssl Message-ID: <168233940272.1017.16678908486739132599@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:1960-1 Rating: moderate References: * #1209878 Cross-References: * CVE-2023-0465 CVSS scores: * CVE-2023-0465 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-0465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1960=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-1960=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl0_9_8-hmac-0.9.8j-0.106.66.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.66.1 * openssl-0.9.8j-0.106.66.1 * libopenssl0_9_8-0.9.8j-0.106.66.1 * openssl-doc-0.9.8j-0.106.66.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.66.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl0_9_8-hmac-0.9.8j-0.106.66.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.66.1 * openssl-0.9.8j-0.106.66.1 * libopenssl0_9_8-0.9.8j-0.106.66.1 * openssl-doc-0.9.8j-0.106.66.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.66.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0465.html * https://bugzilla.suse.com/show_bug.cgi?id=1209878 From sle-updates at lists.suse.com Mon Apr 24 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 12:30:03 -0000 Subject: SUSE-RU-2023:1959-1: moderate: Recommended update for go1.18-openssl Message-ID: <168233940382.1017.12873210316398001273@smelt2.suse.de> # Recommended update for go1.18-openssl Announcement ID: SUSE-RU-2023:1959-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed.
## Description: This update for go1.18-openssl fixes the following issues: * Update to version 1.18.7.2 cut from the go1.18-openssl-fips branch at the revision tagged go1.18.7-2-openssl-fips. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1959=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-1959=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1959=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-doc-1.18.7.2-150000.1.6.1 * go1.18-openssl-1.18.7.2-150000.1.6.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.18-openssl-race-1.18.7.2-150000.1.6.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.18-openssl-doc-1.18.7.2-150000.1.6.1 * go1.18-openssl-1.18.7.2-150000.1.6.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.18-openssl-race-1.18.7.2-150000.1.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.18-openssl-doc-1.18.7.2-150000.1.6.1 * go1.18-openssl-1.18.7.2-150000.1.6.1 * go1.18-openssl-race-1.18.7.2-150000.1.6.1
From sle-updates at lists.suse.com Mon Apr 24 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 12:30:07 -0000 Subject: SUSE-SU-2023:1958-1: important: Security update for ovmf Message-ID: <168233940762.1017.4876438604617864110@smelt2.suse.de> # Security update for ovmf Announcement ID: SUSE-SU-2023:1958-1 Rating: important References: * #1174246 * #1196741 Cross-References: * CVE-2019-14560 * CVE-2021-38578 CVSS scores: * CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L * CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for ovmf fixes the following issues: * CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). * CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1958=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1958=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1958=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1958=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1958=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1958=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1958=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1958=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1958=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1958=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1958=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1958=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) *
ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * SUSE Manager Proxy 4.2 (x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Manager Proxy 4.2 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * SUSE Manager Server 4.2 (x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Manager Server 4.2 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * ovmf-202008-150300.10.20.1 * ovmf-tools-202008-150300.10.20.1 * SUSE Enterprise Storage 7.1 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * qemu-ovmf-x86_64-202008-150300.10.20.1 * qemu-uefi-aarch64-202008-150300.10.20.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14560.html * https://www.suse.com/security/cve/CVE-2021-38578.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1174246 * https://bugzilla.suse.com/show_bug.cgi?id=1196741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 24 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 12:30:10 -0000 Subject: SUSE-RU-2023:1957-1: moderate: Recommended update for bcache-tools Message-ID: <168233941025.1017.5382332654485122908@smelt2.suse.de> # Recommended update for bcache-tools Announcement ID: SUSE-RU-2023:1957-1 Rating: moderate References: * #1208425 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for bcache-tools fixes the following issues: * Improve device recognition (bsc#1208425) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1957=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1957=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1957=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1957=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1957=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1957=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1957=1

## Package List:

* openSUSE Leap Micro 5.3 (aarch64 s390x x86_64)
  * bcache-tools-1.1-150400.8.3.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * bcache-tools-debuginfo-1.1-150400.8.3.1
  * bcache-tools-1.1-150400.8.3.1
  * bcache-tools-debugsource-1.1-150400.8.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1208425

From sle-updates at lists.suse.com Mon Apr 24 12:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Apr 2023 12:30:11 -0000
Subject: SUSE-SU-2023:1956-1: moderate: Security update for avahi
Message-ID: <168233941185.1017.14168218238364482881@smelt2.suse.de>

# Security update for avahi

Announcement ID: SUSE-SU-2023:1956-1
Rating: moderate
References:

* #1210328

Cross-References:

* CVE-2023-1981

CVSS scores:

* CVE-2023-1981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1956=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1956=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1956=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1956=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-1956=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libavahi-gobject0-0.6.32-32.18.1
  * libavahi-ui0-0.6.32-32.18.1
  * avahi-glib2-debugsource-0.6.32-32.18.1
  * libavahi-gobject-devel-0.6.32-32.18.1
  * libavahi-ui-gtk3-0-0.6.32-32.18.1
  * libavahi-devel-0.6.32-32.18.1
  * libhowl0-0.6.32-32.18.1
  * avahi-compat-mDNSResponder-devel-0.6.32-32.18.1
  * avahi-compat-howl-devel-0.6.32-32.18.1
  * avahi-debugsource-0.6.32-32.18.1
  * libavahi-ui0-debuginfo-0.6.32-32.18.1
  * libavahi-glib-devel-0.6.32-32.18.1
  * typelib-1_0-Avahi-0_6-0.6.32-32.18.1
  * libhowl0-debuginfo-0.6.32-32.18.1
  * libavahi-gobject0-debuginfo-0.6.32-32.18.1
  * python-avahi-0.6.32-32.18.1
  * avahi-debuginfo-0.6.32-32.18.1
  * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.18.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * avahi-0.6.32-32.18.1
  * avahi-glib2-debugsource-0.6.32-32.18.1
  * libavahi-core7-0.6.32-32.18.1
  * libavahi-glib1-0.6.32-32.18.1
  * libavahi-common3-0.6.32-32.18.1
  * libavahi-common3-debuginfo-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-0.6.32-32.18.1
  * avahi-utils-0.6.32-32.18.1
  * libdns_sd-debuginfo-0.6.32-32.18.1
  * avahi-debugsource-0.6.32-32.18.1
  * avahi-utils-debuginfo-0.6.32-32.18.1
  * libavahi-core7-debuginfo-0.6.32-32.18.1
  * libavahi-client3-debuginfo-0.6.32-32.18.1
  * libdns_sd-0.6.32-32.18.1
  * avahi-debuginfo-0.6.32-32.18.1
  * libavahi-client3-0.6.32-32.18.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.18.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libdns_sd-32bit-0.6.32-32.18.1
  * avahi-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-32bit-0.6.32-32.18.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-32bit-0.6.32-32.18.1
  * libavahi-client3-32bit-0.6.32-32.18.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.18.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * avahi-0.6.32-32.18.1
  * avahi-glib2-debugsource-0.6.32-32.18.1
  * libavahi-core7-0.6.32-32.18.1
  * libavahi-glib1-0.6.32-32.18.1
  * libavahi-common3-0.6.32-32.18.1
  * libavahi-common3-debuginfo-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-0.6.32-32.18.1
  * avahi-utils-0.6.32-32.18.1
  * libdns_sd-debuginfo-0.6.32-32.18.1
  * avahi-debugsource-0.6.32-32.18.1
  * avahi-utils-debuginfo-0.6.32-32.18.1
  * libavahi-core7-debuginfo-0.6.32-32.18.1
  * libavahi-client3-debuginfo-0.6.32-32.18.1
  * libdns_sd-0.6.32-32.18.1
  * avahi-debuginfo-0.6.32-32.18.1
  * libavahi-client3-0.6.32-32.18.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.18.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libdns_sd-32bit-0.6.32-32.18.1
  * avahi-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-32bit-0.6.32-32.18.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-32bit-0.6.32-32.18.1
  * libavahi-client3-32bit-0.6.32-32.18.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.18.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * avahi-0.6.32-32.18.1
  * avahi-glib2-debugsource-0.6.32-32.18.1
  * libavahi-core7-0.6.32-32.18.1
  * libavahi-glib1-0.6.32-32.18.1
  * libavahi-common3-0.6.32-32.18.1
  * libavahi-common3-debuginfo-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-0.6.32-32.18.1
  * avahi-utils-0.6.32-32.18.1
  * libdns_sd-debuginfo-0.6.32-32.18.1
  * avahi-debugsource-0.6.32-32.18.1
  * avahi-utils-debuginfo-0.6.32-32.18.1
  * libavahi-core7-debuginfo-0.6.32-32.18.1
  * libavahi-client3-debuginfo-0.6.32-32.18.1
  * libdns_sd-0.6.32-32.18.1
  * avahi-debuginfo-0.6.32-32.18.1
  * libavahi-client3-0.6.32-32.18.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * avahi-lang-0.6.32-32.18.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libdns_sd-32bit-0.6.32-32.18.1
  * avahi-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-32bit-0.6.32-32.18.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-glib1-32bit-0.6.32-32.18.1
  * libavahi-client3-32bit-0.6.32-32.18.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.18.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.18.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libavahi-gobject0-0.6.32-32.18.1
  * libavahi-ui0-0.6.32-32.18.1
  * avahi-glib2-debugsource-0.6.32-32.18.1
  * libavahi-ui-gtk3-0-0.6.32-32.18.1
  * libavahi-ui0-debuginfo-0.6.32-32.18.1
  * libavahi-gobject0-debuginfo-0.6.32-32.18.1
  * libavahi-ui-gtk3-0-debuginfo-0.6.32-32.18.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1981.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210328

From sle-updates at lists.suse.com Mon Apr 24 12:30:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Apr 2023 12:30:12 -0000
Subject: SUSE-RU-2023:1955-1: moderate: Recommended update for mariadb
Message-ID: <168233941295.1017.12665770070848554329@smelt2.suse.de>

# Recommended update for mariadb

Announcement ID: SUSE-RU-2023:1955-1
Rating: moderate
References:

Affected Products:

* Galera for Ericsson 15 SP4
* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that can now be installed.

## Description:

This update for mariadb fixes the following issues:

* Update to 10.6.12:

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1955=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1955=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-1955=1
* Galera for Ericsson 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2023-1955=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * mariadb-test-10.6.12-150400.3.20.5
  * mariadb-debugsource-10.6.12-150400.3.20.5
  * mariadb-client-debuginfo-10.6.12-150400.3.20.5
  * mariadb-debuginfo-10.6.12-150400.3.20.5
  * libmariadbd19-10.6.12-150400.3.20.5
  * libmariadbd-devel-10.6.12-150400.3.20.5
  * mariadb-bench-debuginfo-10.6.12-150400.3.20.5
  * mariadb-tools-debuginfo-10.6.12-150400.3.20.5
  * mariadb-10.6.12-150400.3.20.5
  * mariadb-bench-10.6.12-150400.3.20.5
  * mariadb-rpm-macros-10.6.12-150400.3.20.5
  * mariadb-client-10.6.12-150400.3.20.5
  * libmariadbd19-debuginfo-10.6.12-150400.3.20.5
  * mariadb-galera-10.6.12-150400.3.20.5
  * mariadb-tools-10.6.12-150400.3.20.5
  * mariadb-test-debuginfo-10.6.12-150400.3.20.5
* openSUSE Leap 15.4 (noarch)
  * mariadb-errormessages-10.6.12-150400.3.20.5
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
  * mariadb-galera-10.6.12-150400.3.20.5
  * mariadb-debugsource-10.6.12-150400.3.20.5
  * mariadb-debuginfo-10.6.12-150400.3.20.5
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
  * mariadb-debugsource-10.6.12-150400.3.20.5
  * mariadb-client-debuginfo-10.6.12-150400.3.20.5
  * mariadb-debuginfo-10.6.12-150400.3.20.5
  * libmariadbd19-10.6.12-150400.3.20.5
  * libmariadbd-devel-10.6.12-150400.3.20.5
  * mariadb-tools-debuginfo-10.6.12-150400.3.20.5
  * mariadb-10.6.12-150400.3.20.5
  * mariadb-client-10.6.12-150400.3.20.5
  * libmariadbd19-debuginfo-10.6.12-150400.3.20.5
  * mariadb-tools-10.6.12-150400.3.20.5
* Server Applications Module 15-SP4 (noarch)
  * mariadb-errormessages-10.6.12-150400.3.20.5
* Galera for Ericsson 15 SP4 (x86_64)
  * mariadb-galera-10.6.12-150400.3.20.5

From sle-updates at lists.suse.com Mon Apr 24 12:30:14 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Apr 2023 12:30:14 -0000
Subject: SUSE-RU-2023:1954-1: low: Recommended update for xmlsec1
Message-ID: <168233941480.1017.16419538522226758901@smelt2.suse.de>

# Recommended update for xmlsec1

Announcement ID: SUSE-RU-2023:1954-1
Rating: low
References:

* #1201617

Affected Products:

* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that has one recommended fix can now be installed.

## Description:

This update for xmlsec1 fixes the following issue:

* Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617)

## Patch Instructions:

To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1954=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-1954=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-1954=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1954=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-1954=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1954=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-1954=1
* Basesystem Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1954=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1954=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1954=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1954=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1954=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1954=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1954=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1954=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1954=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1954=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1954=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1954=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1954=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1954=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1954=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1954=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-1954=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-1954=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-1954=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1954=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1954=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1954=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * 
xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * 
libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * libxmlsec1-nss1-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * 
libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * 
xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * 
libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * 
libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Manager Proxy 4.2 (x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * SUSE Manager Retail Branch Server 4.2 (x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * 
xmlsec1-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-gcrypt-devel-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * xmlsec1-gnutls-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * xmlsec1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-gnutls1-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-1.2.28-150100.7.13.4 * libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Enterprise Storage 7 (aarch64 x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE CaaS Platform 4.0 (x86_64) * xmlsec1-openssl-devel-1.2.28-150100.7.13.4 * libxmlsec1-nss1-1.2.28-150100.7.13.4 * xmlsec1-nss-devel-1.2.28-150100.7.13.4 * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-devel-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-nss1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux 
Enterprise Micro 5.1 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro 5.2 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * xmlsec1-debuginfo-1.2.28-150100.7.13.4 * xmlsec1-debugsource-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-1.2.28-150100.7.13.4 * libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.13.4 * libxmlsec1-1-1.2.28-150100.7.13.4 * libxmlsec1-1-debuginfo-1.2.28-150100.7.13.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1201617 From sle-updates at lists.suse.com Mon Apr 24 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 12:30:16 -0000 Subject: SUSE-SU-2023:1953-1: important: Security update for indent Message-ID: <168233941623.1017.7075886871439193361@smelt2.suse.de> # Security update for indent Announcement ID: SUSE-SU-2023:1953-1 Rating: important References: * #1209718 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one fix can now be installed. ## Description: This update for indent fixes the following issues: * Fixed multiple memory safety issues (bsc#1209718). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-1953=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * indent-2.2.10-38.3.1 * indent-debugsource-2.2.10-38.3.1 * indent-debuginfo-2.2.10-38.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209718 From sle-updates at lists.suse.com Mon Apr 24 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 16:30:03 -0000 Subject: SUSE-RU-2023:1969-1: moderate: Recommended update for mozilla-nss Message-ID: <168235380385.19355.17828734398490125049@smelt2.suse.de> # Recommended update for mozilla-nss Announcement ID: SUSE-RU-2023:1969-1 Rating: moderate References: * #1191546 * #1207209 * #1208242 * #1208999 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE 
Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has four recommended fixes can now be installed. ## Description: This update for mozilla-nss fixes the following issues: * Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) * Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) * FIPS: more changes for pairwise consistency checks. (bsc#1207209) * Add manpages to mozilla-nss-tools (bsc#1208242) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1969=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1969=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1969=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1969=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1969=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1969=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1969=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1969=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1969=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1969=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1969=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1969=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-1969=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1969=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1969=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1969=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. 
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1969=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1969=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1969=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * 
mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * 
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * 
mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-3.79.4-150000.3.96.1 * mozilla-nss-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * 
mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * 
mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * 
mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * 
mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Manager Proxy 4.2 (x86_64) * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-3.79.4-150000.3.96.1 * mozilla-nss-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * 
libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-3.79.4-150000.3.96.1 * mozilla-nss-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * 
mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Manager Server 4.2 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Enterprise Storage 7.1 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-3.79.4-150000.3.96.1 * 
libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Enterprise Storage 7 (x86_64) * mozilla-nss-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE CaaS Platform 4.0 (x86_64) * mozilla-nss-certs-32bit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-hmac-32bit-3.79.4-150000.3.96.1 * libsoftokn3-3.79.4-150000.3.96.1 * mozilla-nss-32bit-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-32bit-3.79.4-150000.3.96.1 * 
mozilla-nss-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-sysinit-3.79.4-150000.3.96.1 * mozilla-nss-certs-32bit-3.79.4-150000.3.96.1 * libfreebl3-32bit-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-devel-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-32bit-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-hmac-32bit-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * 
libsoftokn3-3.79.4-150000.3.96.1 * libfreebl3-hmac-3.79.4-150000.3.96.1 * mozilla-nss-3.79.4-150000.3.96.1 * mozilla-nss-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-certs-debuginfo-3.79.4-150000.3.96.1 * mozilla-nss-tools-3.79.4-150000.3.96.1 * mozilla-nss-certs-3.79.4-150000.3.96.1 * mozilla-nss-debugsource-3.79.4-150000.3.96.1 * mozilla-nss-tools-debuginfo-3.79.4-150000.3.96.1 * libfreebl3-3.79.4-150000.3.96.1 * libfreebl3-debuginfo-3.79.4-150000.3.96.1 * libsoftokn3-hmac-3.79.4-150000.3.96.1 * libsoftokn3-debuginfo-3.79.4-150000.3.96.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191546 * https://bugzilla.suse.com/show_bug.cgi?id=1207209 * https://bugzilla.suse.com/show_bug.cgi?id=1208242 * https://bugzilla.suse.com/show_bug.cgi?id=1208999 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 24 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 16:30:06 -0000 Subject: SUSE-SU-2023:1968-1: important: Security update for ovmf Message-ID: <168235380668.19355.5637362444485310371@smelt2.suse.de> # Security update for ovmf Announcement ID: SUSE-SU-2023:1968-1 Rating: important References: * #1174246 * #1196741 Cross-References: * CVE-2019-14560 * CVE-2021-38578 CVSS scores: * CVE-2019-14560 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:L * CVE-2021-38578 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L * CVE-2021-38578 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves two vulnerabilities can now be installed. ## Description: This update for ovmf fixes the following issues: * CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246). 
* CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-1968=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * ovmf-2015+git1462940744.321151f-19.26.1 * ovmf-tools-2015+git1462940744.321151f-19.26.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * qemu-ovmf-x86_64-2015+git1462940744.321151f-19.26.1 ## References: * https://www.suse.com/security/cve/CVE-2019-14560.html * https://www.suse.com/security/cve/CVE-2021-38578.html * https://bugzilla.suse.com/show_bug.cgi?id=1174246 * https://bugzilla.suse.com/show_bug.cgi?id=1196741 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 24 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 16:30:08 -0000 Subject: SUSE-SU-2023:1967-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Message-ID: <168235380857.19355.6458660867391476010@smelt2.suse.de> # Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container Announcement ID: SUSE-SU-2023:1967-1 Rating: important References: * #1208916 * #1209359 Cross-References: * CVE-2023-26484 CVSS scores: * CVE-2023-26484 ( SUSE ): 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-26484 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4
* openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: * CVE-2023-26484: Limit operator secrets permission. (bsc#1209359) kubevirt is also rebuilt with a supported GO compiler (bsc#1208916) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1967=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1967=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1967=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1967=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1967=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1967=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1967=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * openSUSE Leap 15.4 (x86_64) * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * kubevirt-virt-api-0.54.0-150400.3.13.1 * kubevirt-virt-api-debuginfo-0.54.0-150400.3.13.1 * kubevirt-virt-controller-0.54.0-150400.3.13.1 * obs-service-kubevirt_containers_meta-0.54.0-150400.3.13.1 * kubevirt-virt-operator-0.54.0-150400.3.13.1 * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-tests-debuginfo-0.54.0-150400.3.13.1 * kubevirt-container-disk-debuginfo-0.54.0-150400.3.13.1 * kubevirt-virt-handler-0.54.0-150400.3.13.1 * kubevirt-virt-launcher-0.54.0-150400.3.13.1 * kubevirt-virt-controller-debuginfo-0.54.0-150400.3.13.1 * kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virt-handler-debuginfo-0.54.0-150400.3.13.1 * kubevirt-container-disk-0.54.0-150400.3.13.1 * kubevirt-virt-operator-debuginfo-0.54.0-150400.3.13.1 * kubevirt-tests-0.54.0-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * 
kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 * Containers Module 15-SP4 (x86_64) * kubevirt-virtctl-0.54.0-150400.3.13.1 * kubevirt-manifests-0.54.0-150400.3.13.1 * kubevirt-virtctl-debuginfo-0.54.0-150400.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26484.html * https://bugzilla.suse.com/show_bug.cgi?id=1208916 * https://bugzilla.suse.com/show_bug.cgi?id=1209359 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 24 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 16:30:10 -0000 Subject: SUSE-SU-2023:1966-1: moderate: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont Message-ID: <168235381021.19355.16737215166655527804@smelt2.suse.de> # Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, cont Announcement ID: SUSE-SU-2023:1966-1 Rating: moderate References: * #1208916 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux
Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: * build the containerized-data-importer with a supported golang compiler (bsc#1208916) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1966=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1966=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1966=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1966=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1966=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1966=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1966=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * openSUSE Leap 15.4 (x86_64) * containerized-data-importer-operator-1.51.0-150400.4.13.1 * containerized-data-importer-uploadserver-1.51.0-150400.4.13.1 * containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-uploadproxy-1.51.0-150400.4.13.1 * obs-service-cdi_containers_meta-1.51.0-150400.4.13.1 * containerized-data-importer-api-1.51.0-150400.4.13.1 *
containerized-data-importer-importer-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-operator-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-importer-1.51.0-150400.4.13.1 * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * containerized-data-importer-controller-1.51.0-150400.4.13.1 * containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-controller-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-api-debuginfo-1.51.0-150400.4.13.1 * containerized-data-importer-cloner-1.51.0-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 * Containers Module 15-SP4 (x86_64) * containerized-data-importer-manifests-1.51.0-150400.4.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208916 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Mon Apr 24 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 20:30:03 -0000 Subject: SUSE-SU-2023:1971-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Message-ID: <168236820375.18566.5752554569322782305@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:1971-1 Rating: important References: * #1203993 * #1207822 * #1208910 Cross-References: * CVE-2022-2991 * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-1971=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_102-default-9-2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-2991.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1203993 * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Apr 24 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Apr 2023 20:30:06 -0000 Subject: SUSE-SU-2023:1970-2: important: Security update for giflib Message-ID: <168236820614.18566.15899924398866279676@smelt2.suse.de> # Security update for giflib Announcement ID: SUSE-SU-2023:1970-2 Rating: important References: * #1094832 * #1146299 * #1184123 * #974847 Cross-References: * CVE-2016-3977 * CVE-2018-11490 * CVE-2019-15133 CVSS scores: * CVE-2016-3977 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2018-11490 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-11490 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2018-11490 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-11490 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2019-15133 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-15133 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-15133 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2019-15133 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux 
Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for giflib fixes the following issues: * CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). * CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine function in dgif_lib.c (bsc#1094832). * CVE-2016-3977: Fixed a heap buffer overflow in gif2rgb (bsc#974847). Update to version 5.2.1 * In gifbuild.c, avoid a core dump on no color map. * Restore inadvertently removed library version numbers in Makefile. Changes in version 5.2.0 * The undocumented and deprecated GifQuantizeBuffer() entry point has been moved to the util library to reduce libgif size and attack surface. Applications needing this function are encouraged to link the util library or make their own copy. * The following obsolete utility programs are no longer installed: gifecho, giffilter, gifinto, gifsponge. These were either installed in error or have been obsolesced by modern image-transformation tools like ImageMagick convert. They may be removed entirely in a future release. * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 * Address SF bug #134: Giflib fails to slurp significant number of gifs * Apply SPDX convention for license tagging.
Changes in version 5.1.9 * The documentation directory now includes an HTMLified version of the GIF89 standard, and a more detailed description of how LZW compression is applied to GIFs. * Address SF bug #129: The latest version of giflib cannot be build on windows. * Address SF bug #126: Cannot compile giflib using c89 Changes in version 5.1.8 * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) * Address SF bug #125: 5.1.7: xmlto is still required for tarball * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible * Address SF bug #122: 5.1.7 installs manpages to wrong directory * Address SF bug #121: make: getversion: Command not found * Address SF bug #120: 5.1.7 does not build a proper library - no Changes in version 5.1.7 * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. Changes in version 5.1.6 * Fix library installation in the Makefile. Changes in version 5.1.5 * Fix SF bug #114: Null dereferences in main() of gifclrmp * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). * Fix SF bug #111: segmentation fault in PrintCodeBlock * Fix SF bug #109: Segmentation fault of giftool reading a crafted file * Fix SF bug #107: Floating point exception in giftext utility * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 * Fix SF bug #104: Ineffective bounds check in DGifSlurp * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) * The horrible old autoconf build system has been removed with extreme prejudice. You now build this simply by running "make" from the top-level directory.
The following non-security bugs were fixed: * build path independent objects and inherit CFLAGS from the build system (bsc#1184123) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1970=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1970=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1970=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1970=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1970=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1970=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1970=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 * SUSE CaaS Platform 4.0 (x86_64) * libgif7-debuginfo-5.2.1-150000.4.8.1 * giflib-debugsource-5.2.1-150000.4.8.1 * giflib-devel-5.2.1-150000.4.8.1 * libgif7-5.2.1-150000.4.8.1 ## References: * https://www.suse.com/security/cve/CVE-2016-3977.html * https://www.suse.com/security/cve/CVE-2018-11490.html * https://www.suse.com/security/cve/CVE-2019-15133.html * https://bugzilla.suse.com/show_bug.cgi?id=1094832 * 
https://bugzilla.suse.com/show_bug.cgi?id=1146299 * https://bugzilla.suse.com/show_bug.cgi?id=1184123 * https://bugzilla.suse.com/show_bug.cgi?id=974847 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Apr 25 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 08:30:01 -0000 Subject: SUSE-SU-2023:1978-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Message-ID: <168241140175.23790.3000827508975920414@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:1978-1 Rating: important References: * #1209797 Cross-References: * CVE-2023-1652 CVSS scores: * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_18 fixes one issue. The following security issue was fixed: * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1978=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-2-150400.2.2 * kernel-livepatch-5_14_21-150400_15_18-rt-2-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-2-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1209797 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Apr 25 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 08:30:03 -0000 Subject: SUSE-SU-2023:1977-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Message-ID: <168241140344.23790.8310489451923401845@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:1977-1 Rating: important References: * #1208910 * #1209797 Cross-References: * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_11 fixes several issues. 
The following security issues were fixed: * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1977=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-3-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-3-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-3-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1208910 * https://bugzilla.suse.com/show_bug.cgi?id=1209797 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 08:30:05 -0000 Subject: SUSE-SU-2023:1975-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Message-ID: <168241140536.23790.13344345208260946644@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:1975-1 Rating: important References: * #1207822 * #1208910 * #1209797 Cross-References: * CVE-2023-0590 * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_5 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1975=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-1976=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-4-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-5-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-4-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-5-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-5-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-4-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 * https://bugzilla.suse.com/show_bug.cgi?id=1209797 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 08:30:07 -0000 Subject: SUSE-SU-2023:1973-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP5) Message-ID: <168241140726.23790.4073493169918062133@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:1973-1 Rating: important References: * #1203993 * #1207822 * #1208910 Cross-References: * CVE-2022-2991 * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_121 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2022-2991: Fixed an heap-based overflow in the lightnvm implemenation (bsc#1201420). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1973=1 SUSE-SLE-Live-Patching-12-SP5-2023-1974=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_130-default-9-2.2
  * kgraft-patch-4_12_14-122_121-default-12-2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-2991.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203993
* https://bugzilla.suse.com/show_bug.cgi?id=1207822
* https://bugzilla.suse.com/show_bug.cgi?id=1208910

From sle-updates at lists.suse.com Tue Apr 25 08:30:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 08:30:08 -0000
Subject: SUSE-SU-2023:1972-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP4)
Message-ID: <168241140892.23790.15832709514550503476@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP4)

Announcement ID: SUSE-SU-2023:1972-1
Rating: important
References:

* #1208910

Cross-References:

* CVE-2023-1118

CVSS scores:

* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise Live Patching 12-SP4
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-95_120 fixes one issue.

The following security issue was fixed:

* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP4
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-1972=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-95_120-default-2-2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208910

From sle-updates at lists.suse.com Tue Apr 25 08:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 08:30:10 -0000
Subject: SUSE-SU-2023:1979-1: important: Security update for protobuf-c
Message-ID: <168241141043.23790.11395155905330651839@smelt2.suse.de>

# Security update for protobuf-c

Announcement ID: SUSE-SU-2023:1979-1
Rating: important
References:

* #1210323

Cross-References:

* CVE-2022-48468

CVSS scores:

* CVE-2022-48468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48468 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves one vulnerability can now be installed.

## Description:

This update for protobuf-c fixes the following issues:

* CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323)

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1979=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1979=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1979=1
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * protobuf-c-debuginfo-1.3.0-150000.3.3.1
  * libprotobuf-c1-1.3.0-150000.3.3.1
  * protobuf-c-debugsource-1.3.0-150000.3.3.1
  * libprotobuf-c-devel-1.3.0-150000.3.3.1
  * libprotobuf-c1-debuginfo-1.3.0-150000.3.3.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * protobuf-c-debuginfo-1.3.0-150000.3.3.1
  * libprotobuf-c1-1.3.0-150000.3.3.1
  * protobuf-c-debugsource-1.3.0-150000.3.3.1
  * libprotobuf-c-devel-1.3.0-150000.3.3.1
  * libprotobuf-c1-debuginfo-1.3.0-150000.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * protobuf-c-debuginfo-1.3.0-150000.3.3.1
  * libprotobuf-c1-1.3.0-150000.3.3.1
  * protobuf-c-debugsource-1.3.0-150000.3.3.1
  * libprotobuf-c-devel-1.3.0-150000.3.3.1
  * libprotobuf-c1-debuginfo-1.3.0-150000.3.3.1
* SUSE CaaS Platform 4.0 (x86_64)
  * protobuf-c-debuginfo-1.3.0-150000.3.3.1
  * libprotobuf-c1-1.3.0-150000.3.3.1
  * protobuf-c-debugsource-1.3.0-150000.3.3.1
  * libprotobuf-c-devel-1.3.0-150000.3.3.1
  * libprotobuf-c1-debuginfo-1.3.0-150000.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2022-48468.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210323

From sle-updates at lists.suse.com Tue Apr 25 12:30:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:19 -0000
Subject: SUSE-SU-2023:1992-1: important: Security update for the Linux Kernel
Message-ID: <168242581978.30005.14136995644584371561@smelt2.suse.de>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2023:1992-1
Rating: important
References:

* #1065729
* #1109158
* #1189998
* #1193629
* #1194869
* #1198400
* #1203200
* #1206552
* #1207168
* #1207185
* #1207574
* #1208602
* #1208815
* #1208829
* #1208902
* #1209052
* #1209118
* #1209256
* #1209290
* #1209292
* #1209366
* #1209532
* #1209547
* #1209556
* #1209572
* #1209600
* #1209634
* #1209635
* #1209636
* #1209681
* #1209684
* #1209687
* #1209779
* #1209788
* #1209798
* #1209799
* #1209804
* #1209805
* #1210050
* #1210203

Cross-References:

* CVE-2017-5753
* CVE-2022-4744
* CVE-2023-0394
* CVE-2023-1281
* CVE-2023-1513
* CVE-2023-1582
* CVE-2023-1611
* CVE-2023-1637
* CVE-2023-1652
* CVE-2023-1838
* CVE-2023-23001
* CVE-2023-28327
* CVE-2023-28464
* CVE-2023-28466

CVSS scores:

* CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0394 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0394 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1582 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1582 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1611 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1611 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-1838 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1838 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-23001 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-23001 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28327 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Real Time Module 15-SP4

An update that solves 14 vulnerabilities and has 26 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

* CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
* CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
* CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
* CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
* CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
* CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
* CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
* CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
* CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
* CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
* CVE-2023-1838: Fixed a use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
* CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
* CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
* CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
* CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).

The following non-security bugs were fixed:

* ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
* ALSA: asihpi: check pao in control_message() (git-fixes).
* ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
* ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
* ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
* ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
* ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
* ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
* ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
* ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
* ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
* ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
* ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
* ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
* ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
* ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
* ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
* Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
* Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
* Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
* Fix error path in pci-hyperv to unlock the mutex state_lock
* HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
* HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
* Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
* Input: focaltech - use explicitly signed char type (git-fixes).
* Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
* KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
* KVM: x86: fix sending PV IPI (git-fixes).
* NFS: Fix an Oops in nfs_d_automount() (git-fixes).
* NFS: fix disabling of swap (git-fixes).
* NFSD: Protect against filesystem freezing (git-fixes).
* NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
* NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
* NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
* NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
* NFSd: fix race to check ls_layouts (git-fixes).
* NFSd: shut down the NFSv4 state objects before the filecache (git-fixes).
* NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
* NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
* NFSv4.1 provide mount option to toggle trunking discovery (git-fixes).
* NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
* NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
* NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
* NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
* NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
* NFSv4: fix state manager flag printing (git-fixes).
* NFSv4: keep state manager thread active if swap is enabled (git-fixes).
* PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
* PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
* PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
* PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
* PCI: hv: Use async probing to reduce boot time (bsc#1207185).
* PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
* SUNRPC: Fix a server shutdown leak (git-fixes).
* SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
* SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
* USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
* USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
* USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
* USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
* USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
* USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
* USB: dwc3: Fix a typo in field name (git-fixes).
* USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
* USB: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
* USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
* USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
* USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
* USB: ucsi: Fix ucsi->connector race (git-fixes).
* USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
* USB: xhci: tegra: fix sleep in atomic call (git-fixes).
* alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
* arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
* arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
* arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
* arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
* arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
* arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
* arm64: dts: imx8mp: correct usb clocks (git-fixes)
* arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
* arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
* arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
* atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
* ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
* ca8210: fix mac_len negative array access (git-fixes).
* can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
* can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
* can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
* cifs: Fix smb2_set_path_size() (git-fixes).
* cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
* cifs: append path to open_enter trace event (bsc#1193629).
* cifs: avoid race conditions with parallel reconnects (bsc#1193629).
* cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
* cifs: check only tcon status on tcon related functions (bsc#1193629).
* cifs: do not poll server interfaces too regularly (bsc#1193629).
* cifs: double lock in cifs_reconnect_tcon() (git-fixes).
* cifs: dump pending mids for all channels in DebugData (bsc#1193629).
* cifs: empty interface list when server does not support query interfaces (bsc#1193629).
* cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
* cifs: fix dentry lookups in directory handle cache (bsc#1193629).
* cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
* cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
* cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
* cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
* cifs: lock chan_lock outside match_session (bsc#1193629).
* cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
* cifs: print session id while listing open files (bsc#1193629).
* cifs: return DFS root session id in DebugData (bsc#1193629).
* cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
* cifs: use DFS root session instead of tcon ses (bsc#1193629).
* clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
* debugfs: add debugfs_lookup_and_remove() (git-fixes).
* drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
* drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
* drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
* drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
* drm/amdkfd: Fix an illegal memory access (git-fixes).
* drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
* drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
* drm/i915/active: Fix missing debug object activation (git-fixes).
* drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
* drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
* drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
* drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
* drm/i915/display: clean up comments (git-fixes).
* drm/i915/gt: perform uc late init after probe error injection (git-fixes).
* drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
* drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
* drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
* drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
* drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
* drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
* drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
* dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
* efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
* fbdev: au1200fb: Fix potential divide by zero (git-fixes).
* fbdev: intelfb: Fix potential divide by zero (git-fixes).
* fbdev: lxfb: Fix potential divide by zero (git-fixes).
* fbdev: nvidia: Fix potential divide by zero (git-fixes).
* fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
* fbdev: tgafb: Fix potential divide by zero (git-fixes).
* firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
* fotg210-udc: Add missing completion handler (git-fixes).
* ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
* ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
* ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
* gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
* gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
* hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
* i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
* i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
* i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
* iio: adc: ad7791: fix IRQ flags (git-fixes).
* iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
* iio: adis16480: select CONFIG_CRC32 (git-fixes).
* iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
* iio: light: cm32181: Unregister second I2C client if present (git-fixes).
* kABI workaround for xhci (git-fixes).
* kABI: x86/msr: Remove .fixup usage (kabi).
* kconfig: Update config changed flag before calling callback (git-fixes).
* keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
* lan78xx: Add missing return code checks (git-fixes).
* lan78xx: Fix exception on link speed change (git-fixes).
* lan78xx: Fix memory allocation bug (git-fixes).
* lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
* lan78xx: Fix race condition in disconnect handling (git-fixes).
* lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
* lan78xx: Fix white space and style issues (git-fixes).
* lan78xx: Remove unused pause frame queue (git-fixes).
* lan78xx: Remove unused timer (git-fixes).
* lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
* lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
* locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
* mm: memcg: fix swapcached stat accounting (bsc#1209804).
* mm: mmap: remove newline at the end of the trace (git-fixes).
* mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
* mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
* mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
* mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
* mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
* mtdblock: tolerate corrected bit-flips (git-fixes).
* net: asix: fix modprobe "sysfs: cannot create duplicate filename" (git-fixes).
* net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
* net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
* net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
* net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
* net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
* net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
* net: usb: asix: remove redundant assignment to variable reg (git-fixes).
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
* net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
* net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
* net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
* net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
* net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
* net: usb: use eth_hw_addr_set() (git-fixes).
* nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
* nilfs2: fix sysfs interface lifetime (git-fixes).
* nvme-tcp: always fail a request when sending it failed (bsc#1208902).
* pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
* pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
* pinctrl: at91-pio4: fix domain name assignment (git-fixes).
* pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
* platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
* platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
* platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
* platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
* platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
* platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
* platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
* platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
* platform/x86: think-lmi: Opcode support (bsc#1210050).
* platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
* platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
* platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
* platform/x86: think-lmi: add debug_cmd (bsc#1210050).
* platform/x86: think-lmi: add missing type attribute (git-fixes).
* platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
* platform/x86: think-lmi: only display possible_values if available (git-fixes).
* platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
* platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
* platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
* platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
* platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
* platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
* platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
* platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
* platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
* platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
* platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
* platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
* platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
* platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
* platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
* platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
* platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
* platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
* platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
* platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
* platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
* platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
* platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
* platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
* platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
* platform/x86: thinkpad_acpi: Remove "goto err_exit" from hotkey_init() (bsc#1210050).
* platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
* platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
* platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
* platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
* platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
* platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
* platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
* platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
* platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
* platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
* power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
* powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
* powerpc/btext: add missing of_node_put (bsc#1065729).
* powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
* powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
* powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
* powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
* powerpc/kexec_file: fix implicit decl error (bsc#1194869).
* powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
* powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869). * powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes). * powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729). * powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729). * powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869). * powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869). * powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869). * powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869). * ppc64le: HWPOISON_INJECT=m (bsc#1209572). * pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes). * pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes). * r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes). * rcu: Fix rcu_torture_read ftrace event (git-fixes). * ring-buffer: Fix race while reader and writer are on the same page (git-fixes). * ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes). * ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes). * s390/boot: simplify and fix kernel memory layout setup (bsc#1209600). * s390/dasd: fix no record found for raw_track_access (bsc#1207574). * s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes). * sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). * sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799). * scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556). * sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes). * serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes). * serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes). * serial: fsl_lpuart: Fix comment typo (git-fixes).
* smb3: fix unusable share after force unmount failure (bsc#1193629). * smb3: lower default deferred close timeout to address perf regression (bsc#1193629). * struct dwc3: mask new member (git-fixes). * thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes). * thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes). * thunderbolt: Disable interrupt auto clear for rings (git-fixes). * thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes). * thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes). * thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes). * timers: Prevent union confusion from unexpected (git-fixes) * trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes). * trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes). * trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes). * tracing: Add trace_array_puts() to write into instance (git-fixes). * tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes). * tracing: Free error logs of tracing instances (git-fixes). * tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes). * tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes). * tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes). * tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes). * tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes). * uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes). * vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes). * wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes). * wifi: mac80211: fix qos on mesh interfaces (git-fixes).
* wireguard: ratelimiter: use hrtimer in selftest (git-fixes) * x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). * x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). * x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). * x86/fpu: Cache xfeature flags from CPUID (git-fixes). * x86/fpu: Remove unused supervisor only offsets (git-fixes). * x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). * x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). * x86/mce: Allow instrumentation during task work queueing (git-fixes). * x86/mce: Mark mce_end() noinstr (git-fixes). * x86/mce: Mark mce_panic() noinstr (git-fixes). * x86/mce: Mark mce_read_aux() noinstr (git-fixes). * x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). * x86/msr: Remove .fixup usage (git-fixes). * x86/sgx: Free backing memory after faulting the enclave page (git-fixes). * x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). * x86/uaccess: Move variable into switch case statement (git-fixes). * x86: Annotate call_on_stack() (git-fixes). * x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200). * xfs: convert ptag flags to unsigned (git-fixes). * xfs: do not assert fail on perag references on teardown (git-fixes). * xfs: do not leak btree cursor when insrec fails after a split (git-fixes). * xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes). * xfs: remove xfs_setattr_time() declaration (git-fixes). * xfs: zero inode fork buffer at allocation (git-fixes). * xhci: Free the command allocated for setting LPM if we return early (git-fixes). * xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes). * xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes). * xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1992=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1992=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1992=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1992=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1992=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1992=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-1992=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-1992=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.23.1 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * openSUSE Leap 15.4 (x86_64) * kernel-rt_debug-debuginfo-5.14.21-150400.15.23.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * kernel-rt-devel-5.14.21-150400.15.23.1 * cluster-md-kmp-rt-5.14.21-150400.15.23.1 * ocfs2-kmp-rt-5.14.21-150400.15.23.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * dlm-kmp-rt-5.14.21-150400.15.23.1 * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-syms-rt-5.14.21-150400.15.23.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * kernel-rt_debug-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.23.1 * gfs2-kmp-rt-5.14.21-150400.15.23.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.23.1 
* kernel-rt_debug-devel-5.14.21-150400.15.23.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.23.1 * kernel-source-rt-5.14.21-150400.15.23.1 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.23.1 * kernel-rt-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro 5.4 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_23-rt-1-150400.1.3.3 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-1-150400.1.3.3 * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-1-150400.1.3.3 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-rt_debug-debuginfo-5.14.21-150400.15.23.1 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * kernel-rt-devel-5.14.21-150400.15.23.1 * cluster-md-kmp-rt-5.14.21-150400.15.23.1 * ocfs2-kmp-rt-5.14.21-150400.15.23.1 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * dlm-kmp-rt-5.14.21-150400.15.23.1 * kernel-rt-debugsource-5.14.21-150400.15.23.1 * kernel-syms-rt-5.14.21-150400.15.23.1 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.23.1 * 
kernel-rt_debug-debugsource-5.14.21-150400.15.23.1 * kernel-rt-debuginfo-5.14.21-150400.15.23.1 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.23.1 * gfs2-kmp-rt-5.14.21-150400.15.23.1 * kernel-rt-devel-debuginfo-5.14.21-150400.15.23.1 * kernel-rt_debug-devel-5.14.21-150400.15.23.1 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.23.1 * kernel-source-rt-5.14.21-150400.15.23.1 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.23.1 * kernel-rt-5.14.21-150400.15.23.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-0394.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1582.html * https://www.suse.com/security/cve/CVE-2023-1611.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://www.suse.com/security/cve/CVE-2023-1838.html * https://www.suse.com/security/cve/CVE-2023-23001.html * https://www.suse.com/security/cve/CVE-2023-28327.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1109158 * https://bugzilla.suse.com/show_bug.cgi?id=1189998 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1194869 * https://bugzilla.suse.com/show_bug.cgi?id=1198400 * https://bugzilla.suse.com/show_bug.cgi?id=1203200 * https://bugzilla.suse.com/show_bug.cgi?id=1206552 * https://bugzilla.suse.com/show_bug.cgi?id=1207168 * https://bugzilla.suse.com/show_bug.cgi?id=1207185 * https://bugzilla.suse.com/show_bug.cgi?id=1207574 * https://bugzilla.suse.com/show_bug.cgi?id=1208602 * https://bugzilla.suse.com/show_bug.cgi?id=1208815 * 
https://bugzilla.suse.com/show_bug.cgi?id=1208829 * https://bugzilla.suse.com/show_bug.cgi?id=1208902 * https://bugzilla.suse.com/show_bug.cgi?id=1209052 * https://bugzilla.suse.com/show_bug.cgi?id=1209118 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209290 * https://bugzilla.suse.com/show_bug.cgi?id=1209292 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209547 * https://bugzilla.suse.com/show_bug.cgi?id=1209556 * https://bugzilla.suse.com/show_bug.cgi?id=1209572 * https://bugzilla.suse.com/show_bug.cgi?id=1209600 * https://bugzilla.suse.com/show_bug.cgi?id=1209634 * https://bugzilla.suse.com/show_bug.cgi?id=1209635 * https://bugzilla.suse.com/show_bug.cgi?id=1209636 * https://bugzilla.suse.com/show_bug.cgi?id=1209681 * https://bugzilla.suse.com/show_bug.cgi?id=1209684 * https://bugzilla.suse.com/show_bug.cgi?id=1209687 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1209788 * https://bugzilla.suse.com/show_bug.cgi?id=1209798 * https://bugzilla.suse.com/show_bug.cgi?id=1209799 * https://bugzilla.suse.com/show_bug.cgi?id=1209804 * https://bugzilla.suse.com/show_bug.cgi?id=1209805 * https://bugzilla.suse.com/show_bug.cgi?id=1210050 * https://bugzilla.suse.com/show_bug.cgi?id=1210203
From sle-updates at lists.suse.com Tue Apr 25 12:30:22 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:22 -0000
Subject: SUSE-SU-2023:1983-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5)
Message-ID: <168242582209.30005.1174811373505989770@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5)

Announcement ID: SUSE-SU-2023:1983-1
Rating: important

References:
* #1203993
* #1207822
* #1208910

Cross-References:
* CVE-2022-2991
* CVE-2023-0590
* CVE-2023-1118

CVSS scores:
* CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise Live Patching 15-SP2
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_124 fixes several issues.

The following security issues were fixed:

* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
* CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1983=1
* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-1985=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-1987=1
* SUSE Linux Enterprise Live Patching 15-SP2
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-1990=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_124-default-11-2.2
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  * kernel-livepatch-4_12_14-150100_197_114-default-11-150100.2.2
  * kernel-livepatch-4_12_14-150100_197_117-default-9-150100.2.2
* SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64)
  * kernel-livepatch-5_3_18-150200_24_126-default-10-150200.2.2
  * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-10-150200.2.2
  * kernel-livepatch-SLE15-SP2_Update_29-debugsource-10-150200.2.2

## References:

* https://www.suse.com/security/cve/CVE-2022-2991.html
* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1203993
* https://bugzilla.suse.com/show_bug.cgi?id=1207822
* https://bugzilla.suse.com/show_bug.cgi?id=1208910
From sle-updates at lists.suse.com Tue Apr 25 12:30:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:23 -0000
Subject: SUSE-SU-2023:1981-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)
Message-ID: <168242582395.30005.2400214514060098081@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP5)

Announcement ID: SUSE-SU-2023:1981-1
Rating: important

References:
* #1208910

Cross-References:
* CVE-2023-1118

CVSS scores:
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-122_150 fixes one issue.

The following security issue was fixed:

* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1981=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_150-default-3-2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208910
From sle-updates at lists.suse.com Tue Apr 25 12:30:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:25 -0000
Subject: SUSE-SU-2023:1982-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP4)
Message-ID: <168242582567.30005.1392027594392078729@smelt2.suse.de>

# Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP4)

Announcement ID: SUSE-SU-2023:1982-1
Rating: important

References:
* #1207822
* #1208910

Cross-References:
* CVE-2023-0590
* CVE-2023-1118

CVSS scores:
* CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise Live Patching 15-SP1
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 12-SP4
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the Linux Kernel 4.12.14-95_114 fixes several issues.

The following security issues were fixed:

* CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP4
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-1982=1
* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-1984=1 SUSE-SLE-Live-Patching-12-SP5-2023-1980=1
* SUSE Linux Enterprise Live Patching 15-SP1
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-1988=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-1989=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-95_114-default-4-2.2
* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_139-default-5-2.2
  * kgraft-patch-4_12_14-122_133-default-7-2.2
* SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64)
  * kernel-livepatch-4_12_14-150100_197_134-default-3-150100.2.2
  * kernel-livepatch-4_12_14-150100_197_126-default-6-150100.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207822
* https://bugzilla.suse.com/show_bug.cgi?id=1208910
From sle-updates at lists.suse.com Tue Apr 25 12:30:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:27 -0000
Subject: SUSE-SU-2023:1994-1: moderate: Security update for avahi
Message-ID: <168242582753.30005.8205388855441696604@smelt2.suse.de>

# Security update for avahi

Announcement ID: SUSE-SU-2023:1994-1
Rating: moderate

References:
* #1210328

Cross-References:
* CVE-2023-1981

CVSS scores:
* CVE-2023-1981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* Basesystem Module 15-SP4
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-1994=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1994=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1994=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-1994=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1994=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1994=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-1994=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1994=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-1994=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * avahi-debuginfo-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * avahi-compat-howl-devel-0.8-150400.7.3.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.3.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.3.1 * libavahi-gobject0-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * libhowl0-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.3.1 * avahi-glib2-debugsource-0.8-150400.7.3.1 * avahi-autoipd-debuginfo-0.8-150400.7.3.1 * libdns_sd-0.8-150400.7.3.1 * avahi-qt5-debugsource-0.8-150400.7.3.1 * libavahi-gobject0-debuginfo-0.8-150400.7.3.1 * 
libdns_sd-debuginfo-0.8-150400.7.3.1 * python3-avahi-gtk-0.8-150400.7.3.1 * avahi-utils-gtk-0.8-150400.7.3.1 * libavahi-glib1-0.8-150400.7.3.1 * libavahi-glib-devel-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * avahi-utils-0.8-150400.7.3.1 * libavahi-gobject-devel-0.8-150400.7.3.1 * libavahi-ui-gtk3-0-0.8-150400.7.3.1 * libavahi-libevent1-0.8-150400.7.3.1 * libavahi-qt5-1-0.8-150400.7.3.1 * libavahi-qt5-1-debuginfo-0.8-150400.7.3.1 * libhowl0-debuginfo-0.8-150400.7.3.1 * libavahi-libevent1-debuginfo-0.8-150400.7.3.1 * avahi-autoipd-0.8-150400.7.3.1 * avahi-utils-debuginfo-0.8-150400.7.3.1 * python3-avahi-0.8-150400.7.3.1 * avahi-debuginfo-0.8-150400.7.3.1 * libavahi-qt5-devel-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-devel-0.8-150400.7.3.1 * libavahi-glib1-debuginfo-0.8-150400.7.3.1 * openSUSE Leap 15.4 (x86_64) * libdns_sd-32bit-debuginfo-0.8-150400.7.3.1 * avahi-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-glib1-32bit-0.8-150400.7.3.1 * libavahi-common3-32bit-0.8-150400.7.3.1 * libavahi-client3-32bit-0.8-150400.7.3.1 * libavahi-glib1-32bit-debuginfo-0.8-150400.7.3.1 * libdns_sd-32bit-0.8-150400.7.3.1 * openSUSE Leap 15.4 (noarch) * avahi-lang-0.8-150400.7.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * avahi-debuginfo-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * avahi-debuginfo-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * 
libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * avahi-debuginfo-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * avahi-debuginfo-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-compat-howl-devel-0.8-150400.7.3.1 * typelib-1_0-Avahi-0_6-0.8-150400.7.3.1 * libavahi-gobject0-0.8-150400.7.3.1 * libavahi-client3-0.8-150400.7.3.1 * libavahi-common3-0.8-150400.7.3.1 * libavahi-core7-0.8-150400.7.3.1 * libhowl0-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * libavahi-common3-debuginfo-0.8-150400.7.3.1 * libavahi-ui-gtk3-0-debuginfo-0.8-150400.7.3.1 * avahi-glib2-debugsource-0.8-150400.7.3.1 * libdns_sd-0.8-150400.7.3.1 * libavahi-gobject0-debuginfo-0.8-150400.7.3.1 * libdns_sd-debuginfo-0.8-150400.7.3.1 * libavahi-glib1-0.8-150400.7.3.1 * libavahi-glib-devel-0.8-150400.7.3.1 * avahi-0.8-150400.7.3.1 * avahi-utils-0.8-150400.7.3.1 * libavahi-ui-gtk3-0-0.8-150400.7.3.1 * libavahi-libevent1-0.8-150400.7.3.1 * libhowl0-debuginfo-0.8-150400.7.3.1 * libavahi-libevent1-debuginfo-0.8-150400.7.3.1 * avahi-utils-debuginfo-0.8-150400.7.3.1 * 
avahi-debuginfo-0.8-150400.7.3.1 * libavahi-client3-debuginfo-0.8-150400.7.3.1 * avahi-compat-mDNSResponder-devel-0.8-150400.7.3.1 * libavahi-core7-debuginfo-0.8-150400.7.3.1 * libavahi-devel-0.8-150400.7.3.1 * libavahi-glib1-debuginfo-0.8-150400.7.3.1 * Basesystem Module 15-SP4 (noarch) * avahi-lang-0.8-150400.7.3.1 * Basesystem Module 15-SP4 (x86_64) * avahi-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-client3-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-common3-32bit-debuginfo-0.8-150400.7.3.1 * libavahi-common3-32bit-0.8-150400.7.3.1 * libavahi-client3-32bit-0.8-150400.7.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * avahi-autoipd-0.8-150400.7.3.1 * avahi-glib2-debugsource-0.8-150400.7.3.1 * avahi-debuginfo-0.8-150400.7.3.1 * libavahi-gobject-devel-0.8-150400.7.3.1 * avahi-autoipd-debuginfo-0.8-150400.7.3.1 * avahi-utils-gtk-debuginfo-0.8-150400.7.3.1 * avahi-utils-gtk-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-avahi-0.8-150400.7.3.1 * avahi-debugsource-0.8-150400.7.3.1 * avahi-debuginfo-0.8-150400.7.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1981.html * https://bugzilla.suse.com/show_bug.cgi?id=1210328
From sle-updates at lists.suse.com Tue Apr 25 12:30:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Apr 2023 12:30:29 -0000
Subject: SUSE-SU-2023:1993-1: moderate: Security update for avahi
Message-ID: <168242582924.30005.2455270635583293000@smelt2.suse.de>

# Security update for avahi

Announcement ID: SUSE-SU-2023:1993-1
Rating: moderate

References:
* #1210328

Cross-References:
* CVE-2023-1981

CVSS scores:
* CVE-2023-1981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1993=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1993=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1993=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1993=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libavahi-ui0-debuginfo-0.7-150100.3.24.1 * libavahi-ui0-0.7-150100.3.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * avahi-glib2-debugsource-0.7-150100.3.24.1 * libavahi-core7-0.7-150100.3.24.1 * avahi-utils-gtk-debuginfo-0.7-150100.3.24.1 * libhowl0-0.7-150100.3.24.1 * libavahi-client3-debuginfo-0.7-150100.3.24.1 * libavahi-devel-0.7-150100.3.24.1 * libavahi-ui0-debuginfo-0.7-150100.3.24.1 * avahi-0.7-150100.3.24.1 * avahi-compat-mDNSResponder-devel-0.7-150100.3.24.1 * avahi-autoipd-debuginfo-0.7-150100.3.24.1 * libavahi-glib-devel-0.7-150100.3.24.1 * avahi-utils-gtk-0.7-150100.3.24.1 * libavahi-common3-32bit-debuginfo-0.7-150100.3.24.1 * libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.24.1 * libdns_sd-debuginfo-0.7-150100.3.24.1 * libavahi-client3-32bit-debuginfo-0.7-150100.3.24.1 * libavahi-gobject-devel-0.7-150100.3.24.1 * libdns_sd-0.7-150100.3.24.1 * avahi-debuginfo-0.7-150100.3.24.1 * avahi-32bit-debuginfo-0.7-150100.3.24.1 * libavahi-common3-32bit-0.7-150100.3.24.1 * libavahi-glib1-debuginfo-0.7-150100.3.24.1 * libavahi-gobject0-0.7-150100.3.24.1 * libavahi-core7-debuginfo-0.7-150100.3.24.1 * avahi-autoipd-0.7-150100.3.24.1 * libavahi-ui-gtk3-0-0.7-150100.3.24.1 * libavahi-ui0-0.7-150100.3.24.1 * libavahi-common3-0.7-150100.3.24.1 * avahi-utils-debuginfo-0.7-150100.3.24.1 * libavahi-gobject0-debuginfo-0.7-150100.3.24.1 * typelib-1_0-Avahi-0_6-0.7-150100.3.24.1 * libavahi-common3-debuginfo-0.7-150100.3.24.1 * avahi-compat-howl-devel-0.7-150100.3.24.1 * 
libavahi-client3-32bit-0.7-150100.3.24.1 * avahi-debugsource-0.7-150100.3.24.1 * libavahi-glib1-0.7-150100.3.24.1 * libhowl0-debuginfo-0.7-150100.3.24.1 * libavahi-client3-0.7-150100.3.24.1 * avahi-utils-0.7-150100.3.24.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * avahi-lang-0.7-150100.3.24.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libavahi-core7-0.7-150100.3.24.1 * libavahi-common3-debuginfo-0.7-150100.3.24.1 * libavahi-core7-debuginfo-0.7-150100.3.24.1 * avahi-debuginfo-0.7-150100.3.24.1 * avahi-debugsource-0.7-150100.3.24.1 * libavahi-client3-debuginfo-0.7-150100.3.24.1 * libavahi-common3-0.7-150100.3.24.1 * libavahi-client3-0.7-150100.3.24.1 * avahi-0.7-150100.3.24.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libavahi-core7-0.7-150100.3.24.1 * libavahi-common3-debuginfo-0.7-150100.3.24.1 * libavahi-core7-debuginfo-0.7-150100.3.24.1 * avahi-debuginfo-0.7-150100.3.24.1 * avahi-debugsource-0.7-150100.3.24.1 * libavahi-client3-debuginfo-0.7-150100.3.24.1 * libavahi-common3-0.7-150100.3.24.1 * libavahi-client3-0.7-150100.3.24.1 * avahi-0.7-150100.3.24.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1981.html * https://bugzilla.suse.com/show_bug.cgi?id=1210328 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 12:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 12:30:31 -0000 Subject: SUSE-RU-2023:1991-1: moderate: Recommended update for permissions Message-ID: <168242583114.30005.16065782033254195718@smelt2.suse.de> # Recommended update for permissions Announcement ID: SUSE-RU-2023:1991-1 Rating: moderate References: * #1160285 * #1210096 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has two recommended fixes can now be installed. ## Description: This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1991=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1991=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1991=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * permissions-debugsource-20181116-150100.9.41.1 * permissions-20181116-150100.9.41.1 * permissions-debuginfo-20181116-150100.9.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * permissions-zypp-plugin-20181116-150100.9.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * permissions-debugsource-20181116-150100.9.41.1 * permissions-20181116-150100.9.41.1 * permissions-debuginfo-20181116-150100.9.41.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * permissions-zypp-plugin-20181116-150100.9.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * permissions-debugsource-20181116-150100.9.41.1 * permissions-20181116-150100.9.41.1 * permissions-debuginfo-20181116-150100.9.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * permissions-zypp-plugin-20181116-150100.9.41.1 * SUSE CaaS Platform 4.0 (x86_64) * permissions-debugsource-20181116-150100.9.41.1 * permissions-20181116-150100.9.41.1 * permissions-debuginfo-20181116-150100.9.41.1 * SUSE CaaS Platform 4.0 (noarch) * permissions-zypp-plugin-20181116-150100.9.41.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1160285 * https://bugzilla.suse.com/show_bug.cgi?id=1210096 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 12:30:32 -0000 Subject: SUSE-RU-2023:1986-1: moderate: Recommended update for permissions Message-ID: <168242583255.30005.7244737335488846476@smelt2.suse.de> # Recommended update for permissions Announcement ID: SUSE-RU-2023:1986-1 Rating: moderate References: * #1160285 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1986=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1986=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-1986=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * permissions-20170707-6.16.1 * permissions-debugsource-20170707-6.16.1 * permissions-debuginfo-20170707-6.16.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * permissions-20170707-6.16.1 * permissions-debugsource-20170707-6.16.1 * permissions-debuginfo-20170707-6.16.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * permissions-20170707-6.16.1 * permissions-debugsource-20170707-6.16.1 * permissions-debuginfo-20170707-6.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1160285 -------------- next part -------------- 
An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Apr 25 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 16:30:01 -0000 Subject: SUSE-SU-2023:1995-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2) Message-ID: <168244020194.25035.9040350453517211311@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:1995-1 Rating: important References: * #1207822 * #1208910 Cross-References: * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_139 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-1995=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-1996=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2001=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-1997=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-1998=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_32-debugsource-4-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-3-150200.2.2 * kernel-livepatch-5_3_18-150200_24_139-default-4-150200.2.2 * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-4-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-3-150200.2.2 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-3-150200.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_76-default-12-150300.2.2 * kernel-livepatch-5_3_18-150300_59_87-default-11-150300.2.2 * kernel-livepatch-5_3_18-150300_59_71-default-13-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From sle-updates at lists.suse.com Tue Apr 25 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2000-1: moderate: Security update for fwupd Message-ID: <168244020362.25035.9990920034545737440@smelt2.suse.de> # Security update for fwupd Announcement ID: SUSE-SU-2023:2000-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update of fwupd fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2000=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2000=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2000=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2000=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * fwupd-devel-1.2.14-150200.5.12.1 * fwupd-1.2.14-150200.5.12.1 * libfwupd2-debuginfo-1.2.14-150200.5.12.1 * fwupd-debuginfo-1.2.14-150200.5.12.1 * libfwupd2-1.2.14-150200.5.12.1 * fwupd-debugsource-1.2.14-150200.5.12.1 * typelib-1_0-Fwupd-2_0-1.2.14-150200.5.12.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * fwupd-lang-1.2.14-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * fwupd-devel-1.2.14-150200.5.12.1 * fwupd-1.2.14-150200.5.12.1 * libfwupd2-debuginfo-1.2.14-150200.5.12.1 * fwupd-debuginfo-1.2.14-150200.5.12.1 * libfwupd2-1.2.14-150200.5.12.1 * fwupd-debugsource-1.2.14-150200.5.12.1 * typelib-1_0-Fwupd-2_0-1.2.14-150200.5.12.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * fwupd-lang-1.2.14-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * fwupd-devel-1.2.14-150200.5.12.1 * fwupd-1.2.14-150200.5.12.1 * libfwupd2-debuginfo-1.2.14-150200.5.12.1 * fwupd-debuginfo-1.2.14-150200.5.12.1 * libfwupd2-1.2.14-150200.5.12.1 * fwupd-debugsource-1.2.14-150200.5.12.1 * typelib-1_0-Fwupd-2_0-1.2.14-150200.5.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * fwupd-lang-1.2.14-150200.5.12.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * fwupd-devel-1.2.14-150200.5.12.1 * fwupd-1.2.14-150200.5.12.1 * 
libfwupd2-debuginfo-1.2.14-150200.5.12.1 * fwupd-debuginfo-1.2.14-150200.5.12.1 * libfwupd2-1.2.14-150200.5.12.1 * fwupd-debugsource-1.2.14-150200.5.12.1 * typelib-1_0-Fwupd-2_0-1.2.14-150200.5.12.1 * SUSE Enterprise Storage 7 (noarch) * fwupd-lang-1.2.14-150200.5.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Apr 25 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 16:30:05 -0000 Subject: SUSE-SU-2023:1999-1: moderate: Security update for fwupd Message-ID: <168244020545.25035.1908336979565217255@smelt2.suse.de> # Security update for fwupd Announcement ID: SUSE-SU-2023:1999-1 Rating: moderate References: * #1209188 Affected Products: * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of fwupd fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-1999=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-1999=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1999=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1999=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-1999=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1999=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1999=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1999=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * fwupd-debuginfo-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * 
fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * fwupd-lang-1.5.8-150300.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * fwupd-lang-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * fwupd-lang-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * 
fwupd-lang-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * fwupd-lang-1.5.8-150300.3.7.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * fwupd-1.5.8-150300.3.7.1 * fwupd-debuginfo-1.5.8-150300.3.7.1 * fwupd-devel-1.5.8-150300.3.7.1 * typelib-1_0-Fwupd-2_0-1.5.8-150300.3.7.1 * libfwupd2-debuginfo-1.5.8-150300.3.7.1 * libfwupd2-1.5.8-150300.3.7.1 * libfwupdplugin1-1.5.8-150300.3.7.1 * fwupdtpmevlog-debuginfo-1.5.8-150300.3.7.1 * typelib-1_0-FwupdPlugin-1_0-1.5.8-150300.3.7.1 * fwupdtpmevlog-1.5.8-150300.3.7.1 * libfwupdplugin1-debuginfo-1.5.8-150300.3.7.1 * fwupd-debugsource-1.5.8-150300.3.7.1 * SUSE Enterprise Storage 7.1 (noarch) * fwupd-lang-1.5.8-150300.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2007-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) Message-ID: <168245460416.22320.5199461136387409997@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2007-1 Rating: important References: * #1203993 * #1207822 * #1208910 Cross-References: * CVE-2022-2991 * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_105 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420).
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2007=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2005=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_105-default-9-2.2 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_27-debugsource-13-150200.2.2 * kernel-livepatch-5_3_18-150200_24_115-default-13-150200.2.2 * kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-13-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-2991.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1203993 * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Tue Apr 25 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 20:30:05 -0000 Subject: SUSE-SU-2023:2009-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <168245460595.22320.15513279280124349181@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2009-1 Rating: important References: * #1207822 * #1208910 Cross-References: * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_136 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2009=1 SUSE-SLE-Live-Patching-12-SP5-2023-2011=1 SUSE-SLE-Live-Patching-12-SP5-2023-2014=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2016=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-2012=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2015=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2004=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2006=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2008=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2010=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2013=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-3-2.2 * kgraft-patch-4_12_14-122_144-default-4-2.2 * kgraft-patch-4_12_14-122_136-default-6-2.2 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_31-debugsource-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-7-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-7-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-7-150200.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_93-default-9-150300.2.2 * kernel-livepatch-5_3_18-150300_59_106-default-4-150300.2.2 * kernel-livepatch-5_3_18-150300_59_90-default-10-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-default-7-150300.2.2 * kernel-livepatch-5_3_18-150300_59_68-default-14-150300.2.2 *
kernel-livepatch-5_3_18-150300_59_101-default-6-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Apr 25 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 20:30:08 -0000 Subject: SUSE-SU-2023:2003-1: important: Security update for runc Message-ID: <168245460842.22320.1979678389955521748@smelt2.suse.de> # Security update for runc Announcement ID: SUSE-SU-2023:2003-1 Rating: important References: * #1168481 * #1208962 * #1209884 * #1209888 Cross-References: * CVE-2023-25809 * CVE-2023-27561 * CVE-2023-28642 CVSS scores: * CVE-2023-25809 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L * CVE-2023-25809 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L * CVE-2023-27561 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-27561 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28642 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2023-28642 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance 
Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities and has one fix can now be installed. ## Description: This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: * CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). * CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). * CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: * Fix the inability to use `/dev/null` when inside a container. * Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). * Fix rare runc exec/enter unshare error on older kernels. * nsexec: Check for errors in `write_log()`. * Drop version-specific Go requirement. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2003=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2003=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2003=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2003=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2003=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2003=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2003=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2003=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2003=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2003=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2003=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2003=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2003=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2003=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2003=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2003=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2003=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2003=1 * SUSE Enterprise 
Storage 7 zypper in -t patch SUSE-Storage-7-2023-2003=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2003=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2003=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2003=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server 15 SP1 
LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE CaaS Platform 4.0 (x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * runc-debuginfo-1.1.5-150000.41.1 * runc-1.1.5-150000.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25809.html * https://www.suse.com/security/cve/CVE-2023-27561.html * https://www.suse.com/security/cve/CVE-2023-28642.html * https://bugzilla.suse.com/show_bug.cgi?id=1168481 * https://bugzilla.suse.com/show_bug.cgi?id=1208962 * https://bugzilla.suse.com/show_bug.cgi?id=1209884 * https://bugzilla.suse.com/show_bug.cgi?id=1209888
From sle-updates at lists.suse.com Tue Apr 25 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Apr 2023 20:30:11 -0000 Subject: SUSE-SU-2023:2002-1: critical: Security update for helm Message-ID: <168245461127.22320.9380258238192460087@smelt2.suse.de> # Security update for helm Announcement ID: SUSE-SU-2023:2002-1 Rating: critical References: * #1200528 Cross-References: * CVE-2022-1996 CVSS scores: * CVE-2022-1996 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2022-1996 ( NVD ): 9.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise Server 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for helm fixes the following issues: * CVE-2022-1996: Fixed a bug that could lead to CORS bypass in go-restful. (bsc#1200528) ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE CaaS Platform 4.0 (x86_64) * helm-2.16.12-150100.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2022-1996.html * https://bugzilla.suse.com/show_bug.cgi?id=1200528
From sle-updates at lists.suse.com Wed Apr 26 07:06:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 09:06:20 +0200 (CEST) Subject: SUSE-CU-2023:1273-1: Recommended update of suse/sles12sp5 Message-ID: <20230426070620.50CFFF457@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1273-1 Container Tags : suse/sles12sp5:6.5.461 , suse/sles12sp5:latest Container Release : 6.5.461 Severity : moderate Type : recommended References : 1160285 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1986-1 Released: Tue Apr 25 11:53:14 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285) The following package changes have been done: - permissions-20170707-6.16.1 updated From sle-updates at lists.suse.com Wed Apr 26 07:09:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 09:09:20 +0200 (CEST) Subject: SUSE-CU-2023:1274-1: Recommended update of suse/sle15 Message-ID: <20230426070920.D5AFAF457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1274-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.759 Container Release : 6.2.759 Severity : moderate Type : recommended References : 1160285 1210096 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) The following package changes have been done: - permissions-20181116-150100.9.41.1 updated From sle-updates at lists.suse.com Wed Apr 26 07:10:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 09:10:32 +0200 (CEST) Subject: SUSE-CU-2023:1275-1: Security update of suse/pcp Message-ID: <20230426071032.4086DF457@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1275-1 Container Tags : suse/pcp:5 , suse/pcp:5-14.21 , suse/pcp:5.2 , suse/pcp:5.2-14.21 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.21 , suse/pcp:latest Container Release : 14.21 Severity : moderate Type : security References : 1210328 CVE-2023-1981 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1994-1 Released: Tue Apr 25 13:53:25 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). 
The following package changes have been done: - libavahi-common3-0.8-150400.7.3.1 updated - libavahi-client3-0.8-150400.7.3.1 updated From sle-updates at lists.suse.com Wed Apr 26 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:02 -0000 Subject: SUSE-SU-2023:2032-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Message-ID: <168249780276.21585.432614855850767287@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2032-1 Rating: important References: * #1209797 Cross-References: * CVE-2023-1652 CVSS scores: * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_55 fixes one issue. The following security issue was fixed: * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2032=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_55-default-2-150400.2.2 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-2-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-2-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1209797 From sle-updates at lists.suse.com Wed Apr 26 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2023-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Message-ID: <168249780509.21585.16155538137650413542@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2023-1 Rating: important References: * #1203993 * #1207822 * #1208910 Cross-References: * CVE-2022-2991 * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2022-2991 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-2991 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux 
Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2022-2991: Fixed a heap-based overflow in the lightnvm implementation (bsc#1201420). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2023=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2020=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2021=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_99-default-11-2.2 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_127-default-9-2.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_120-default-9-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-2991.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1203993 * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * 
https://bugzilla.suse.com/show_bug.cgi?id=1208910 From sle-updates at lists.suse.com Wed Apr 26 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:07 -0000 Subject: SUSE-SU-2023:2024-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP4) Message-ID: <168249780714.21585.7264124982432905712@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2024-1 Rating: important References: * #1207822 * #1208910 Cross-References: * CVE-2023-0590 * CVE-2023-1118 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_108 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). 
* CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2024=1 SUSE-SLE-Live-Patching-12-SP4-2023-2025=1 SUSE-SLE-Live-Patching-12-SP4-2023-2030=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2018=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-2019=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2026=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2029=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_117-default-3-2.2 * kgraft-patch-4_12_14-95_111-default-6-2.2 * kgraft-patch-4_12_14-95_108-default-7-2.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-4-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-6-150100.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_112-default-3-150300.2.2 * kernel-livepatch-5_3_18-150300_59_109-default-4-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910
From sle-updates at lists.suse.com Wed Apr 26 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:10 -0000 Subject: SUSE-SU-2023:2031-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Message-ID: <168249781015.21585.11681685687303545159@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2031-1 Rating: important References: * #1207822 * #1208910 * #1209797 Cross-References: * CVE-2023-0590 * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). 
## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2022=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2031=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2017=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_11-default-10-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-9-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-5-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_1-debugsource-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-9-150400.2.2 * kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-10-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-5-150400.2.2 * kernel-livepatch-5_14_21-150400_24_38-default-5-150400.2.2 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-9-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 * https://bugzilla.suse.com/show_bug.cgi?id=1209797
From sle-updates at lists.suse.com Wed Apr 26 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:12 -0000 Subject: SUSE-RU-2023:2028-1: important: Recommended update for yast2-users Message-ID: <168249781239.21585.5287270270084583466@smelt2.suse.de> # Recommended update for yast2-users Announcement ID: SUSE-RU-2023:2028-1 Rating: important References: * #1209377 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-users fixes the following issues: * Fix bug causing failures when creating new users (bsc#1209377) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2028=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2028=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2028=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yast2-users-debugsource-4.4.13-150400.3.9.1 * yast2-users-debuginfo-4.4.13-150400.3.9.1 * yast2-users-4.4.13-150400.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-users-4.4.13-150400.3.9.1 * SUSE Manager Proxy 4.3 (x86_64) * yast2-users-4.4.13-150400.3.9.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-users-debugsource-4.4.13-150400.3.9.1 * yast2-users-debuginfo-4.4.13-150400.3.9.1 * yast2-users-4.4.13-150400.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209377 
From sle-updates at lists.suse.com Wed Apr 26 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 08:30:13 -0000 Subject: SUSE-RU-2023:2027-1: important: Recommended update for hawk2 Message-ID: <168249781395.21585.16860977442785215389@smelt2.suse.de> # Recommended update for hawk2 Announcement ID: SUSE-RU-2023:2027-1 Rating: important References: * #1208533 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix 
can now be installed. ## Description: This update for hawk2 fixes the following issues: * Fix execution issue caused by version conflicts with sass-rails (bsc#1208533) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2027=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2027=1 * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2027=1 * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2027=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2027=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * SUSE Linux Enterprise High Availability 
Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 * hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208533 From sle-updates at lists.suse.com Wed Apr 26 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2035-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <168251220424.13813.9775654465814004748@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2035-1 Rating: important References: * #1207822 * #1208910 * #1209797 Cross-References: * CVE-2023-0590 * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. 
The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2035=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2036=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2037=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_4-debugsource-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-6-150400.2.2 * kernel-livepatch-5_14_21-150400_22-default-debuginfo-13-150400.13.2 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-7-150400.2.2 * kernel-livepatch-5_14_21-150400_24_28-default-7-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-6-150400.2.2 * kernel-livepatch-5_14_21-150400_24_33-default-6-150400.2.2 * kernel-livepatch-5_14_21-150400_22-default-13-150400.13.2 * kernel-livepatch-SLE15-SP4_Update_0-debugsource-13-150400.13.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1207822 * https://bugzilla.suse.com/show_bug.cgi?id=1208910 * https://bugzilla.suse.com/show_bug.cgi?id=1209797
URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:05 -0000 Subject: SUSE-RU-2023:2042-1: moderate: Recommended update for python-osc-tiny Message-ID: <168251220594.13813.4531119712176123528@smelt2.suse.de> # Recommended update for python-osc-tiny Announcement ID: SUSE-RU-2023:2042-1 Rating: moderate References: * #1206040 Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for python-osc-tiny fixes the following issues: * Added a comment parameter to project and package `set_meta` * Added a link to the documentation of `HttpSignatureAuth` * Added fix for a parameter inconsistency in the API * Added methods to get/set the project config * Added support for Python 3.11 * Allow `Package.exists` to raise exceptions * Do not send the `deleted` parameter, when the `view` parameter is present * Enhanced usability and reliability for `HttpSignatureAuth` * Fixed packaging problem with Python dependency (bsc#1206040) * Improved strong authentication method * Include the original error message, when an SSH key cannot be read * Make it possible to force setting meta * Prevent sharing of sessions across forked processes * Replaced `Request.cmd` with `Request.update` * Simplified handling of SSH keys * Support product list views honoring the `expand` parameter * Treat `deleted` and `expand` parameters of `/source/<project>/` as boolean (not documented as such) ## Patch Instructions: To install this SUSE Moderate update use the SUSE 
recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2042=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2042=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-osc-tiny-0.7.12-150400.10.3.2 * Development Tools Module 15-SP4 (noarch) * python3-osc-tiny-0.7.12-150400.10.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206040 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2041-1: low: Recommended update for zlib Message-ID: <168251220723.13813.15977500958552226423@smelt2.suse.de> # Recommended update for zlib Announcement ID: SUSE-RU-2023:2041-1 Rating: low References: * #1206513 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for zlib fixes the following issues: * Add support for small windows in IBM Z hardware-accelerated deflate (bsc#1206513) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2041=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2041=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2041=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2041=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-debugsource-1.2.11-11.31.1 * zlib-devel-1.2.11-11.31.1 * zlib-devel-static-1.2.11-11.31.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * zlib-devel-32bit-1.2.11-11.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * zlib-debugsource-1.2.11-11.31.1 * libz1-1.2.11-11.31.1 * libz1-debuginfo-1.2.11-11.31.1 * zlib-devel-static-1.2.11-11.31.1 * zlib-devel-1.2.11-11.31.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libz1-32bit-1.2.11-11.31.1 * libz1-debuginfo-32bit-1.2.11-11.31.1 * zlib-devel-32bit-1.2.11-11.31.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * zlib-debugsource-1.2.11-11.31.1 * libz1-1.2.11-11.31.1 * libz1-debuginfo-1.2.11-11.31.1 * zlib-devel-static-1.2.11-11.31.1 * zlib-devel-1.2.11-11.31.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libz1-32bit-1.2.11-11.31.1 * libz1-debuginfo-32bit-1.2.11-11.31.1 * zlib-devel-32bit-1.2.11-11.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * zlib-debugsource-1.2.11-11.31.1 * libz1-1.2.11-11.31.1 * libz1-debuginfo-1.2.11-11.31.1 * zlib-devel-static-1.2.11-11.31.1 * zlib-devel-1.2.11-11.31.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libz1-32bit-1.2.11-11.31.1 * libz1-debuginfo-32bit-1.2.11-11.31.1 * zlib-devel-32bit-1.2.11-11.31.1 ## References: * 
https://bugzilla.suse.com/show_bug.cgi?id=1206513 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:09 -0000 Subject: SUSE-RU-2023:2040-1: moderate: Recommended update for suseconnect-ng Message-ID: <168251220925.13813.17141188077254969865@smelt2.suse.de> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:2040-1 Rating: moderate References: * #1202705 * #1207876 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.1.0~git0.e3c41e60892e * Added MemTotal detection for HwInfo * Make keepalive on SUMA systems exit without error (bsc#1207876) * Add deactivate API to ruby bindings (bsc#1202705) * Allow non-root users to use --version * Update Dockerfile.yast * Use openssl go for SLE and Leap 15.5+ builds ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2040=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2040=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2040=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2040=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2040=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2040=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suseconnect-ng-debuginfo-1.1.0~git0.e3c41e60892e-150400.3.10.1 * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suseconnect-ng-debuginfo-1.1.0~git0.e3c41e60892e-150400.3.10.1 * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.1.0~git0.e3c41e60892e-150400.3.10.1 * suseconnect-ruby-bindings-1.1.0~git0.e3c41e60892e-150400.3.10.1 * libsuseconnect-1.1.0~git0.e3c41e60892e-150400.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202705 * https://bugzilla.suse.com/show_bug.cgi?id=1207876 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:11 -0000 Subject: SUSE-RU-2023:2039-1: moderate: Recommended update for lshw Message-ID: <168251221180.13813.1165331026980337560@smelt2.suse.de> # Recommended update for lshw Announcement ID: SUSE-RU-2023:2039-1 Rating: moderate References: * #1209531 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. 
## Description: This update for lshw fixes the following issues: * Update to version B.02.19.2+git.20230320 (bsc#1209531) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2039=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2039=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2039=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2039=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2039=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2039=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2039=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2039=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2039=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2039=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2039=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2039=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2039=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2039=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2039=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2039=1 * 
SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2039=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2039=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2039=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2039=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2039=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2039=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * lshw-gui-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-gui-B.02.19.2+git.20230320-150200.3.15.4 * openSUSE Leap 15.4 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 *
lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * Basesystem Module 15-SP4 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * 
lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Proxy 4.2 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Proxy 4.2 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Retail Branch Server 4.2 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Retail Branch Server 4.2 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Server 4.2 (ppc64le x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Manager Server 4.2 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Enterprise Storage 7.1 (x86_64) * 
lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Enterprise Storage 7.1 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Enterprise Storage 7 (x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Enterprise Storage 7 (noarch) * lshw-lang-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * lshw-debuginfo-B.02.19.2+git.20230320-150200.3.15.4 * lshw-B.02.19.2+git.20230320-150200.3.15.4 * lshw-debugsource-B.02.19.2+git.20230320-150200.3.15.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209531 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:14 -0000 Subject: SUSE-SU-2023:2038-1: moderate: Security update for git Message-ID: <168251221433.13813.2177975012310165430@smelt2.suse.de> # Security update for git Announcement ID: SUSE-SU-2023:2038-1 Rating: moderate References: * #1210686 Cross-References: * CVE-2023-25652 * CVE-2023-25815 * CVE-2023-29007 CVSS scores: * CVE-2023-25652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-25652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25815 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25815 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2023-29007 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2023-29007 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). * CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). * CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2038=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2038=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2038=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2038=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.27.1 * git-credential-libsecret-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-credential-libsecret-debuginfo-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-p4-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-credential-gnome-keyring-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * openSUSE Leap 15.4 (noarch) * git-doc-2.35.3-150300.10.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-core-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * 
git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * Development Tools Module 15-SP4 (noarch) * git-doc-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * git-2.35.3-150300.10.27.1 * git-email-2.35.3-150300.10.27.1 * git-cvs-2.35.3-150300.10.27.1 * git-arch-2.35.3-150300.10.27.1 * git-svn-2.35.3-150300.10.27.1 * gitk-2.35.3-150300.10.27.1 * git-gui-2.35.3-150300.10.27.1 * git-core-debuginfo-2.35.3-150300.10.27.1 * git-daemon-debuginfo-2.35.3-150300.10.27.1 * git-debuginfo-2.35.3-150300.10.27.1 * git-web-2.35.3-150300.10.27.1 * git-core-2.35.3-150300.10.27.1 * perl-Git-2.35.3-150300.10.27.1 * git-debugsource-2.35.3-150300.10.27.1 * git-daemon-2.35.3-150300.10.27.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * git-doc-2.35.3-150300.10.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-25652.html * https://www.suse.com/security/cve/CVE-2023-25815.html * https://www.suse.com/security/cve/CVE-2023-29007.html * https://bugzilla.suse.com/show_bug.cgi?id=1210686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Apr 26 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 12:30:16 -0000 Subject: SUSE-RU-2023:2034-1: moderate: Recommended update for mozilla-nss Message-ID: <168251221699.13813.8669873549503964339@smelt2.suse.de> # Recommended update for mozilla-nss Announcement ID: SUSE-RU-2023:2034-1 Rating: moderate References: * #1191546 * #1207209 * #1208242 * #1208999 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has four recommended fixes can now be installed. 
## Description: This update for mozilla-nss fixes the following issues: * Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) * Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) * FIPS: more changes for pairwise consistency checks. (bsc#1207209) * Add manpages to mozilla-nss-tools (bsc#1208242) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2034=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2034=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2034=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2034=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * mozilla-nss-devel-3.79.4-58.97.1 * mozilla-nss-debugsource-3.79.4-58.97.1 * mozilla-nss-debuginfo-3.79.4-58.97.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libsoftokn3-hmac-3.79.4-58.97.1 * mozilla-nss-3.79.4-58.97.1 * mozilla-nss-certs-3.79.4-58.97.1 * libfreebl3-3.79.4-58.97.1 * libfreebl3-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.97.1 * libsoftokn3-3.79.4-58.97.1 * libfreebl3-hmac-3.79.4-58.97.1 * mozilla-nss-tools-3.79.4-58.97.1 * libsoftokn3-debuginfo-3.79.4-58.97.1 * mozilla-nss-tools-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-3.79.4-58.97.1 * mozilla-nss-debugsource-3.79.4-58.97.1 * mozilla-nss-debuginfo-3.79.4-58.97.1 * 
mozilla-nss-devel-3.79.4-58.97.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libfreebl3-hmac-32bit-3.79.4-58.97.1 * libsoftokn3-hmac-32bit-3.79.4-58.97.1 * libfreebl3-32bit-3.79.4-58.97.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.97.1 * libsoftokn3-32bit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-certs-32bit-3.79.4-58.97.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.97.1 * libfreebl3-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-32bit-3.79.4-58.97.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libsoftokn3-hmac-3.79.4-58.97.1 * mozilla-nss-3.79.4-58.97.1 * mozilla-nss-certs-3.79.4-58.97.1 * libfreebl3-3.79.4-58.97.1 * libfreebl3-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.97.1 * libsoftokn3-3.79.4-58.97.1 * libfreebl3-hmac-3.79.4-58.97.1 * mozilla-nss-tools-3.79.4-58.97.1 * libsoftokn3-debuginfo-3.79.4-58.97.1 * mozilla-nss-tools-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-3.79.4-58.97.1 * mozilla-nss-debugsource-3.79.4-58.97.1 * mozilla-nss-debuginfo-3.79.4-58.97.1 * mozilla-nss-devel-3.79.4-58.97.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libfreebl3-hmac-32bit-3.79.4-58.97.1 * libsoftokn3-hmac-32bit-3.79.4-58.97.1 * libfreebl3-32bit-3.79.4-58.97.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.97.1 * libsoftokn3-32bit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-certs-32bit-3.79.4-58.97.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.97.1 * libfreebl3-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-32bit-3.79.4-58.97.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libsoftokn3-hmac-3.79.4-58.97.1 * mozilla-nss-3.79.4-58.97.1 * mozilla-nss-certs-3.79.4-58.97.1 * 
libfreebl3-3.79.4-58.97.1 * libfreebl3-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-3.79.4-58.97.1 * libsoftokn3-3.79.4-58.97.1 * libfreebl3-hmac-3.79.4-58.97.1 * mozilla-nss-tools-3.79.4-58.97.1 * libsoftokn3-debuginfo-3.79.4-58.97.1 * mozilla-nss-tools-debuginfo-3.79.4-58.97.1 * mozilla-nss-sysinit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-3.79.4-58.97.1 * mozilla-nss-debugsource-3.79.4-58.97.1 * mozilla-nss-debuginfo-3.79.4-58.97.1 * mozilla-nss-devel-3.79.4-58.97.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libfreebl3-hmac-32bit-3.79.4-58.97.1 * libsoftokn3-hmac-32bit-3.79.4-58.97.1 * libfreebl3-32bit-3.79.4-58.97.1 * mozilla-nss-debuginfo-32bit-3.79.4-58.97.1 * libsoftokn3-32bit-3.79.4-58.97.1 * mozilla-nss-certs-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-certs-32bit-3.79.4-58.97.1 * libsoftokn3-debuginfo-32bit-3.79.4-58.97.1 * libfreebl3-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-debuginfo-32bit-3.79.4-58.97.1 * mozilla-nss-sysinit-32bit-3.79.4-58.97.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191546 * https://bugzilla.suse.com/show_bug.cgi?id=1207209 * https://bugzilla.suse.com/show_bug.cgi?id=1208242 * https://bugzilla.suse.com/show_bug.cgi?id=1208999 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Wed Apr 26 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 26 Apr 2023 16:30:05 -0000 Subject: SUSE-SU-2023:2043-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Message-ID: <168252660534.25386.14356789550385934809@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2043-1 Rating: important References: * #1207822 * #1208910 * #1209797 Cross-References: * CVE-2023-0590 * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2043=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2045=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-4-150400.2.2
  * kernel-livepatch-SLE15-SP4_Update_7-debugsource-4-150400.2.2
  * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-10-150400.2.2
  * kernel-livepatch-5_14_21-150400_24_18-default-10-150400.2.2
  * kernel-livepatch-5_14_21-150400_24_41-default-4-150400.2.2
  * kernel-livepatch-SLE15-SP4_Update_2-debugsource-10-150400.2.2

## References:

* https://www.suse.com/security/cve/CVE-2023-0590.html
* https://www.suse.com/security/cve/CVE-2023-1118.html
* https://www.suse.com/security/cve/CVE-2023-1652.html
* https://bugzilla.suse.com/show_bug.cgi?id=1207822
* https://bugzilla.suse.com/show_bug.cgi?id=1208910
* https://bugzilla.suse.com/show_bug.cgi?id=1209797

From sle-updates at lists.suse.com Wed Apr 26 16:30:06 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Apr 2023 16:30:06 -0000
Subject: SUSE-SU-2023:2047-1: moderate: Security update for openssl-ibmca
Message-ID: <168252660698.25386.10029637000256261374@smelt2.suse.de>

# Security update for openssl-ibmca

Announcement ID: SUSE-SU-2023:2047-1
Rating: moderate

References:

* #1210057

Affected Products:

* SUSE Linux Enterprise Server 12 SP5

An update that has one fix can now be installed.

## Description:

This update for openssl-ibmca fixes the following issues:

* Fixed a timing-based side channel attack in RSA in the IBMCA engine (openssl-ibmca)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2047=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 (s390x)
  * openssl-ibmca-2.0.3-4.3.1
  * openssl-ibmca-debuginfo-32bit-2.0.3-4.3.1
  * openssl-ibmca-debugsource-2.0.3-4.3.1
  * openssl-ibmca-32bit-2.0.3-4.3.1
  * openssl-ibmca-debuginfo-2.0.3-4.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1210057

From sle-updates at lists.suse.com Wed Apr 26 16:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Apr 2023 16:30:09 -0000
Subject: SUSE-SU-2023:2046-1: moderate: Security update for openssl-ibmca
Message-ID: <168252660900.25386.13627158748875109704@smelt2.suse.de>

# Security update for openssl-ibmca

Announcement ID: SUSE-SU-2023:2046-1
Rating: moderate

References:

* #1210058
* #1210359

Affected Products:

* openSUSE Leap 15.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has two fixes can now be installed.

## Description:

This update for openssl-ibmca fixes the following issues:

Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058)

* Provider: Adjustments for OpenSSL versions 3.1 and 3.2
* Provider: Support RSA blinding
* Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
* Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding
* Provider: Adjustments in OpenSSL config generator and example configs
* Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
* FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2046=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-2046=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-2046=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2046=1

## Package List:

* openSUSE Leap 15.4 (s390x)
  * openssl-ibmca-debugsource-2.4.0-150400.4.8.1
  * openssl-ibmca-2.4.0-150400.4.8.1
  * openssl-ibmca-debuginfo-2.4.0-150400.4.8.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
  * openssl-ibmca-debugsource-2.4.0-150400.4.8.1
  * openssl-ibmca-2.4.0-150400.4.8.1
  * openssl-ibmca-debuginfo-2.4.0-150400.4.8.1
* SUSE Linux Enterprise Micro 5.4 (s390x)
  * openssl-ibmca-debugsource-2.4.0-150400.4.8.1
  * openssl-ibmca-2.4.0-150400.4.8.1
  * openssl-ibmca-debuginfo-2.4.0-150400.4.8.1
* Server Applications Module 15-SP4 (s390x)
  * openssl-ibmca-debugsource-2.4.0-150400.4.8.1
  * openssl-ibmca-2.4.0-150400.4.8.1
  * openssl-ibmca-debuginfo-2.4.0-150400.4.8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1210058
* https://bugzilla.suse.com/show_bug.cgi?id=1210359

From sle-updates at lists.suse.com Wed Apr 26 16:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Apr 2023 16:30:10 -0000
Subject: SUSE-SU-2023:2044-1: moderate: Security update for dmidecode
Message-ID: <168252661073.25386.9768724521687231989@smelt2.suse.de>

# Security update for dmidecode

Announcement ID: SUSE-SU-2023:2044-1
Rating: moderate

References:

* #1210418

Cross-References:

* CVE-2023-30630

CVSS scores:

* CVE-2023-30630 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-30630 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE OpenStack Cloud 9
* SUSE OpenStack Cloud Crowbar 9

An update that solves one vulnerability can now be installed.

## Description:

This update for dmidecode fixes the following issues:

* CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2044=1
* SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2044=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2044=1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2044=1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2044=1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2044=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2044=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2044=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2044=1

## Package List:

* SUSE OpenStack Cloud 9 (x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE OpenStack Cloud Crowbar 9 (x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * dmidecode-debugsource-3.0-10.6.1
  * dmidecode-3.0-10.6.1
  * dmidecode-debuginfo-3.0-10.6.1

## References:

* https://www.suse.com/security/cve/CVE-2023-30630.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210418

From sle-updates at lists.suse.com Wed Apr 26 20:30:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 26 Apr 2023 20:30:03 -0000
Subject: SUSE-SU-2023:2048-1: important: Security update for libxml2
Message-ID: <168254100359.17715.6520025730271160617@smelt2.suse.de>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:2048-1
Rating: important

References:

* #1065270
* #1199132
* #1204585
* #1210411
* #1210412

Cross-References:

* CVE-2021-3541
* CVE-2022-29824
* CVE-2023-28484
* CVE-2023-29469

CVSS scores:

* CVE-2021-3541 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3541 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-29824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-29824 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-28484 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29469 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
* CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
* CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:

* Added W3C conformance tests to the testsuite (bsc#1204585).
* Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2048=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2048=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2048=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2048=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2048=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2048=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2048=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2048=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2048=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2048=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2048=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2048=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2048=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2048=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2048=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-2048=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-2048=1
* SUSE CaaS Platform 4.0
  To install this update, use the
SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2048=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2048=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2048=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise 
High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x 
x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise 
Server for SAP Applications 15 SP1 (ppc64le x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * 
libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Manager Proxy 4.2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Manager Server 4.2 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * 
python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Enterprise Storage 7.1 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Enterprise Storage 7 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * SUSE CaaS Platform 4.0 (x86_64) * libxml2-2-32bit-debuginfo-2.9.7-150000.3.57.1 * libxml2-2-32bit-2.9.7-150000.3.57.1 * python3-libxml2-python-2.9.7-150000.3.57.1 * libxml2-devel-2.9.7-150000.3.57.1 * python-libxml2-python-debugsource-2.9.7-150000.3.57.1 * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * python2-libxml2-python-2.9.7-150000.3.57.1 * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * python2-libxml2-python-debuginfo-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libxml2-2-debuginfo-2.9.7-150000.3.57.1 * libxml2-debugsource-2.9.7-150000.3.57.1 * libxml2-tools-2.9.7-150000.3.57.1 * libxml2-2-2.9.7-150000.3.57.1 * libxml2-tools-debuginfo-2.9.7-150000.3.57.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-libxml2-python-2.9.7-150000.3.57.1 * 
python-libxml2-python-debugsource-2.9.7-150000.3.57.1
  * libxml2-2-debuginfo-2.9.7-150000.3.57.1
  * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1
  * libxml2-debugsource-2.9.7-150000.3.57.1
  * libxml2-tools-2.9.7-150000.3.57.1
  * libxml2-2-2.9.7-150000.3.57.1
  * libxml2-tools-debuginfo-2.9.7-150000.3.57.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * python3-libxml2-python-2.9.7-150000.3.57.1
  * python-libxml2-python-debugsource-2.9.7-150000.3.57.1
  * libxml2-2-debuginfo-2.9.7-150000.3.57.1
  * python3-libxml2-python-debuginfo-2.9.7-150000.3.57.1
  * libxml2-debugsource-2.9.7-150000.3.57.1
  * libxml2-tools-2.9.7-150000.3.57.1
  * libxml2-2-2.9.7-150000.3.57.1
  * libxml2-tools-debuginfo-2.9.7-150000.3.57.1

## References:

* https://www.suse.com/security/cve/CVE-2021-3541.html
* https://www.suse.com/security/cve/CVE-2022-29824.html
* https://www.suse.com/security/cve/CVE-2023-28484.html
* https://www.suse.com/security/cve/CVE-2023-29469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1065270
* https://bugzilla.suse.com/show_bug.cgi?id=1199132
* https://bugzilla.suse.com/show_bug.cgi?id=1204585
* https://bugzilla.suse.com/show_bug.cgi?id=1210411
* https://bugzilla.suse.com/show_bug.cgi?id=1210412

From sle-updates at lists.suse.com Thu Apr 27 07:02:25 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 09:02:25 +0200 (CEST)
Subject: SUSE-CU-2023:1280-1: Security update of rancher/elemental-builder-image/5.3
Message-ID: <20230427070225.D0D90F457@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-builder-image/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1280-1
Container Tags : rancher/elemental-builder-image/5.3:0.2.5 , rancher/elemental-builder-image/5.3:0.2.5-4.2.6 , rancher/elemental-builder-image/5.3:latest
Container Release : 4.2.6
Severity : critical
Type : security
References : 1119687 1130325 1130326 1141883 1150137 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 1175622 1179584 1187810 1188882 1189036 1189802 1195773 1196125 1196205 1200581 1201225 1201590 1201783 1203274 1204357 1204867 1206337 1206579 1207064 1209165 1209234 1209372 1209667 928700 928701 944832 CVE-2015-3414 CVE-2015-3415 CVE-2018-20346 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-9936 CVE-2019-9937 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 CVE-2021-36690 CVE-2022-34903 CVE-2022-3515 CVE-2022-35737 CVE-2022-46908 CVE-2022-47629
-----------------------------------------------------------------

The container rancher/elemental-builder-image/5.3 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346

This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883

This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168

This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - 
CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. 
(bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. 
* Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 
(jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. 
* Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programmatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixes * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) 
* GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxes, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard 
accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI 
annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5 (jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore 
Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1963-1 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) The following package changes have been done: - libusb-1_0-0-1.0.24-150400.3.3.1 added - libsqlite3-0-3.39.3-150000.3.20.1 added - libksba8-1.3.5-150000.4.6.1 added - libassuan0-2.5.5-150000.4.3.1 added - libnpth0-1.5-2.11 added - libglib-2_0-0-2.70.5-150400.3.3.1 added - pinentry-1.1.0-4.3.1 added - gpg2-2.2.27-150300.3.5.1 added - libgpgme11-1.16.0-150400.1.80 added - grub2-2.06-150400.11.30.1 updated - grub2-i386-pc-2.06-150400.11.30.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:02:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:02:28 +0200 (CEST) Subject: SUSE-CU-2023:1282-1: Security update of rancher/elemental-teal/5.3 Message-ID: <20230427070228.95AF2F457@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal/5.3 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1282-1 Container Tags : rancher/elemental-teal/5.3:1.1.4 , rancher/elemental-teal/5.3:1.1.4-3.2.13 , rancher/elemental-teal/5.3:latest Container Release : 3.2.13 Severity : critical Type : security References : 1141883 1187810 1189036 1191546 1196125 1201225 1201590 1204357 1206579 1207064 1207209 1208242 1208999 1209165 1209234 1209372 1209667 CVE-2022-34903 CVE-2022-3515 CVE-2022-47629 ----------------------------------------------------------------- The container rancher/elemental-teal/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2218-1 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Type: recommended Severity: moderate References: 1141883 This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. 
(bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1939-1 Released: Fri Apr 21 11:14:30 2023 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1207209,1208242,1208999 This update for mozilla-nss fixes the following issues: - FIPS 140-3: Adjust SLI reporting for PBKDF2 parameter validation (bsc#1208999) - FIPS 140-3: Update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. (bsc#1191546) - FIPS 140-3: more changes for pairwise consistency checks. (bsc#1207209) - Add manpages to mozilla-nss-tools (bsc#1208242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1963-1 Released: Mon Apr 24 15:03:10 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. 
(bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) The following package changes have been done: - libusb-1_0-0-1.0.24-150400.3.3.1 added - libksba8-1.3.5-150000.4.6.1 added - libassuan0-2.5.5-150000.4.3.1 added - libnpth0-1.5-2.11 added - mozilla-nss-certs-3.79.4-150400.3.29.1 updated - libfreebl3-3.79.4-150400.3.29.1 updated - libsoftokn3-3.79.4-150400.3.29.1 updated - mozilla-nss-3.79.4-150400.3.29.1 updated - pinentry-1.1.0-4.3.1 added - grub2-2.06-150400.11.30.1 updated - grub2-i386-pc-2.06-150400.11.30.1 updated - gpg2-2.2.27-150300.3.5.1 added - libgpgme11-1.16.0-150400.1.80 added - container:micro-for-rancher-image-5.3.0-7.2.137 updated From sle-updates at lists.suse.com Thu Apr 27 07:02:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:02:30 +0200 (CEST) Subject: SUSE-CU-2023:1283-1: Security update of rancher/elemental-operator/5.3 Message-ID: <20230427070230.849B2F457@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1283-1 Container Tags : rancher/elemental-operator/5.3:1.2.2 , rancher/elemental-operator/5.3:1.2.2-3.2.5 , rancher/elemental-operator/5.3:latest Container Release : 3.2.5 Severity : critical Type : security References : 1119687 1130325 1130326 1141883 1150137 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 1175622 1179584 1188882 1189683 1189802 1195773 1196125 1196205 1200581 1201225 1201590 1201783 1203274 1204357 1204867 1206337 1206579 928700 928701 944832 CVE-2015-3414 CVE-2015-3415 
CVE-2018-20346 CVE-2019-16168 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-9936 CVE-2019-9937 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 CVE-2021-36690 CVE-2022-34903 CVE-2022-3515 CVE-2022-35737 CVE-2022-46908 CVE-2022-47629 ----------------------------------------------------------------- The container rancher/elemental-operator/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:788-1 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1119687,CVE-2018-20346 This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1127-1 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2218-1 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Type: recommended Severity: moderate References: 1141883 This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1150137,CVE-2019-16168 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: 
memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234) - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL 
statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). 
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590

This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released: Wed Dec 21 12:23:59 2022
Summary: Feature update for GNOME 41
Type: feature
Severity: moderate
References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832

This update for GNOME 41 fixes the following issues:

atkmm1_6:
- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build
  * Support building with Visual Studio 2022

eog:
- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images

evince:
- Version update 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

evolution:
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)

evolution-data-center:
- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated

folks:
- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests

gcr:
- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd
  * Several CI fixes

geocode-glib:
- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
  * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
  * Add support for libsoup 3.x

gjs:
- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)

glib2:
- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2

gnome-control-center:
- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7
(jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:
- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:
- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:
- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:
- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

gnome-shell:
- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard

gnome-software:
- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line

gnome-terminal:
- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:
- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:
- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:
- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:
- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:
- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2

gvfs:
- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:
- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:
- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:
- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard
accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package

libnotify:
- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings

libpeas:
- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package

librsvg:
- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths

libsecret:
- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI
annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice

mutter:
- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes

nautilus:
- Version update from 41.2 to 41.5 (jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes

orca:
- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:
- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:
- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore
Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * setup.py: look up pycairo headers without importing the module

trackers-python:
- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls

vala:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from wiki.gnome.org
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

The following package changes have been done:

- libudev1-249.16-150400.8.25.7 added
- libusb-1_0-0-1.0.24-150400.3.3.1 added
- libsqlite3-0-3.39.3-150000.3.20.1 added
- libksba8-1.3.5-150000.4.6.1 added
- libassuan0-2.5.5-150000.4.3.1 added
- libnpth0-1.5-2.11 added
- libglib-2_0-0-2.70.5-150400.3.3.1 added
- pinentry-1.1.0-4.3.1 added
- gpg2-2.2.27-150300.3.5.1 added
- libgpgme11-1.16.0-150400.1.80 added
- netcfg-11.6-3.3.1 added
- libffi7-3.2.1.git259-10.8 added
- libp11-kit0-0.23.22-150400.1.10 added

From sle-updates at lists.suse.com Thu Apr 27 07:02:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 09:02:31 +0200 (CEST)
Subject: SUSE-CU-2023:1284-1: Security update of rancher/seedimage-builder/5.3
Message-ID: <20230427070232.00387F457@maintenance.suse.de>

SUSE Container Update Advisory: rancher/seedimage-builder/5.3
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1284-1
Container Tags : rancher/seedimage-builder/5.3:1.2.2 , rancher/seedimage-builder/5.3:1.2.2-2.2.5 , rancher/seedimage-builder/5.3:latest
Container Release : 2.2.5
Severity : critical
Type : security
References : 1119687 1130325 1130326 1141883 1150137 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1164719 1172091 1172115 1172234 1172236 1172240 1173641 1175622 1179584 1188882 1189683 1189802 1195773 1196125 1196205 1200581 1201225 1201590 1201783 1203274 1204357 1204867 1206337 1206579 928700 928701 944832 CVE-2015-3414 CVE-2015-3415 CVE-2018-20346 CVE-2019-16168
CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-9936 CVE-2019-9937 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-15358 CVE-2020-9327 CVE-2021-36690 CVE-2022-34903 CVE-2022-3515 CVE-2022-35737 CVE-2022-46908 CVE-2022-47629
-----------------------------------------------------------------

The container rancher/seedimage-builder/5.3 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:788-1
Released: Thu Mar 28 11:55:06 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1119687,CVE-2018-20346

This update for sqlite3 to version 3.27.2 fixes the following issue:

Security issue fixed:

- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:1127-1
Released: Thu May 2 09:39:24 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937

This update for sqlite3 to version 3.28.0 fixes the following issues:

Security issues fixed:

- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2218-1
Released: Mon Aug 26 11:29:57 2019
Summary: Recommended update for pinentry
Type: recommended
Severity: moderate
References: 1141883

This update for pinentry fixes the following issues:

- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:2533-1
Released: Thu Oct 3 15:02:50 2019
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1150137,CVE-2019-16168

This update for sqlite3 fixes the following issues:

Security issue fixed:

- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2320-1
Released: Wed Jul 14 17:01:06 2021
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

This update for sqlite3 fixes the following issues:

- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959:
memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: use-after-free in fts3EvalNextRow (bsc#1172234)
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL
statements could have crashed the process that is running SQLite (bsc#1172091)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1189683

This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:

- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:

- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4062-1
Released: Fri Nov 18 09:05:07 2022
Summary: Recommended update for libusb-1_0
Type: recommended
Severity: moderate
References: 1201590

This update for libusb-1_0 fixes the following issues:

- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:4601-1
Released: Wed Dec 21 12:23:59 2022
Summary: Feature update for GNOME 41
Type: feature
Severity: moderate
References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832

This update for GNOME 41 fixes the following issues:

atkmm1_6:
- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
  * Meson build: Avoid unnecessary configuration warnings
  * Meson build: Perl is not required by new versions of mm-common
  * Meson build: Require meson >= 0.55.0
  * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
  * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build
  * Support building with Visual Studio 2022

eog:
- Version update from 41.1 to 41.2 (jsc#PED-2235):
  * eog-window: use correct type for display_profile
  * Fix discovery of Evince for multi-page images

evince:
- Version update 41.3 to 41.4 (jsc#PED-2235):
  * shell: Fix failures when thumbnail extraction takes too long
  * Fix build with meson 0.60.0 and newer

evolution:
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)

evolution-data-center:
- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
  * Google OAuth out-of-band (oob) flow will be deprecated

folks:
- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
  * vapi: Add missing generic type argument
  * Fix docs build against newer eds version
  * Fix build against newer eds version
  * Remove volatile keyword from tests

gcr:
- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
  * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
  * Add gi-docgen dependency which is needed by the docs
  * Fix build with meson 0.60.0 and newer
  * Fix build without systemd
  * Several CI fixes

geocode-glib:
- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
  * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
  * Add support for libsoup 3.x

gjs:
- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)

glib2:
- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2

gnome-control-center:
- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7
(jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:
- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:
- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:
- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:
- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

gnome-shell:
- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard

gnome-software:
- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line

gnome-terminal:
- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:
- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:
- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:
- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:
- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:
- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2

gvfs:
- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:
- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:
- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:
- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard
accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI 
annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5 (jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore
Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). The following package changes have been done: - libudev1-249.16-150400.8.25.7 added - libusb-1_0-0-1.0.24-150400.3.3.1 added - libsqlite3-0-3.39.3-150000.3.20.1 added - libksba8-1.3.5-150000.4.6.1 added - libassuan0-2.5.5-150000.4.3.1 added - libnpth0-1.5-2.11 added - libglib-2_0-0-2.70.5-150400.3.3.1 added - pinentry-1.1.0-4.3.1 added - gpg2-2.2.27-150300.3.5.1 added - libgpgme11-1.16.0-150400.1.80 added - netcfg-11.6-3.3.1 added From sle-updates at lists.suse.com Thu Apr 27 07:05:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:05:54 +0200 (CEST) Subject: SUSE-CU-2023:1287-1: Recommended update of suse/sles12sp5 Message-ID: <20230427070554.2BF79F457@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1287-1 Container Tags : suse/sles12sp5:6.5.462 , suse/sles12sp5:latest Container Release : 6.5.462 Severity : low Type : recommended References : 1206513 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2041-1 Released: Wed Apr 26 11:44:27 2023 Summary: Recommended update for zlib Type: recommended Severity: low References: 1206513 This update for zlib fixes the following issues: - Add support for small windows in IBM Z hardware-accelerated deflate (bsc#1206513) The following package changes have been done: - libz1-1.2.11-11.31.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:06:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:06:55 +0200 (CEST) Subject: SUSE-CU-2023:1288-1: Security update of bci/golang Message-ID: <20230427070655.BDA02F457@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1288-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.37 Container Release : 22.37 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:07:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:07:03 +0200 (CEST) Subject: SUSE-CU-2023:1289-1: Security update of bci/golang Message-ID: <20230427070703.0F54DF457@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1289-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.36 , bci/golang:latest Container Release : 2.36 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:07:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:07:40 +0200 (CEST) Subject: SUSE-CU-2023:1290-1: Security update of bci/nodejs Message-ID: <20230427070740.60FEDF457@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1290-1 Container Tags : bci/node:16 , bci/node:16-15.38 , bci/nodejs:16 , bci/nodejs:16-15.38 Container Release : 15.38 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:07:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:07:50 +0200 (CEST) Subject: SUSE-CU-2023:1291-1: Security update of bci/nodejs Message-ID: <20230427070750.803B1F457@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1291-1 Container Tags : bci/node:18 , bci/node:18-3.37 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.37 , bci/nodejs:latest Container Release : 3.37 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:08:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:08:46 +0200 (CEST) Subject: SUSE-CU-2023:1292-1: Security update of bci/openjdk-devel Message-ID: <20230427070846.9E939F457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1292-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.74 Container Release : 39.74 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:09:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:09:15 +0200 (CEST) Subject: SUSE-CU-2023:1293-1: Security update of bci/openjdk-devel Message-ID: <20230427070915.1AA8FF457@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1293-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.73 , bci/openjdk-devel:latest Container Release : 14.73 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:09:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:09:55 +0200 (CEST) Subject: SUSE-CU-2023:1294-1: Security update of bci/python Message-ID: <20230427070955.6F88CF457@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1294-1 Container Tags : bci/python:3 , bci/python:3-12.34 , bci/python:3.10 , bci/python:3.10-12.34 , bci/python:latest Container Release : 12.34 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:10:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:10:38 +0200 (CEST) Subject: SUSE-CU-2023:1295-1: Security update of bci/python Message-ID: <20230427071038.3DF93F457@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1295-1 Container Tags : bci/python:3 , bci/python:3-35.34 , bci/python:3.6 , bci/python:3.6-35.34 Container Release : 35.34 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:11:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:11:18 +0200 (CEST) Subject: SUSE-CU-2023:1296-1: Security update of bci/ruby Message-ID: <20230427071118.4365DF457@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1296-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.33 , bci/ruby:2.5 , bci/ruby:2.5-34.33 , bci/ruby:latest Container Release : 34.33 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - git-core-2.35.3-150300.10.27.1 updated From sle-updates at lists.suse.com Thu Apr 27 07:12:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 09:12:20 +0200 (CEST) Subject: SUSE-CU-2023:1301-1: Security update of bci/python Message-ID: <20230427071220.BFF7BF457@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1301-1 Container Tags : bci/python:3 , bci/python:3-2.36 , bci/python:3.11 , bci/python:3.11-2.36 Container Release : 2.36 Severity : moderate Type : security References : 1210686 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).
The following package changes have been done: - libxml2-2-2.10.3-150500.3.1 updated - sles-release-15.5-150500.40.1 updated - git-core-2.35.3-150300.10.27.1 updated - container:sles15-image-15.0.0-35.2.30 updated From sle-updates at lists.suse.com Thu Apr 27 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2055-1: important: Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4) Message-ID: <168259860214.22457.5902469011762156241@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2055-1 Rating: important References: * #1208910 * #1209797 Cross-References: * CVE-2023-1118 * CVE-2023-1652 CVSS scores: * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1652 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_46 fixes several issues. The following security issues were fixed: * CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788). * CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2055=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_8-debugsource-3-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-3-150400.2.2 * kernel-livepatch-5_14_21-150400_24_46-default-3-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1652.html * https://bugzilla.suse.com/show_bug.cgi?id=1208910 * https://bugzilla.suse.com/show_bug.cgi?id=1209797 From sle-updates at lists.suse.com Thu Apr 27 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2057-1: moderate: Recommended update for smt Message-ID: <168259860773.22457.15378711021942553542@smelt2.suse.de> # Recommended update for smt Announcement ID: SUSE-RU-2023:2057-1 Rating: moderate References: * #1184130 * #1205451 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications
12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has two recommended fixes can now be installed. ## Description: This update for smt fixes the following issues: * Update from version 3.0.45 to version 3.0.48 * Fixes SMT does not send version in API headers (bsc#1205451) * Added `smt version` subcommand to show version information and the reported user agent. * Fix wrong migration handling for SUSE Manager 4.0 (bsc#1184130) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2057=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2057=1 * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2057=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2057=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2057=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2057=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2057=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2057=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2057=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2057=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * 
res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * smt-ha-3.0.48-52.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * smt-support-3.0.48-52.46.1 * smt-debugsource-3.0.48-52.46.1 * res-signingkeys-3.0.48-52.46.1 * smt-3.0.48-52.46.1 * smt-debuginfo-3.0.48-52.46.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1184130 * 
https://bugzilla.suse.com/show_bug.cgi?id=1205451 From sle-updates at lists.suse.com Thu Apr 27 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 27 Apr 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2056-1: important: Security update for webkit2gtk3 Message-ID: <168259860974.22457.8870110849792255069@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2056-1 Rating: important References: * #1210295 * #1210731 Cross-References: * CVE-2022-0108 * CVE-2022-32885 * CVE-2022-32886 * CVE-2022-32912 * CVE-2023-25358 * CVE-2023-25360 * CVE-2023-25361 * CVE-2023-25362 * CVE-2023-25363 * CVE-2023-27932 * CVE-2023-27954 * CVE-2023-28205 CVSS scores: * CVE-2022-0108 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-32886 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32886 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25358 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25358 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25360 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25360 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25361 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25361 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25362 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25363 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25363 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28205 ( SUSE ): 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypass. * CVE-2023-27954: Fixed sensitive user information tracking. * CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: * CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2056=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2056=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2056=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2056=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2056=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2056=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2056=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2056=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2056=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2056=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE OpenStack Cloud 9 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * 
libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-devel-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * webkit2gtk3-devel-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * 
webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1 * libwebkit2gtk-4_0-37-2.38.6-2.136.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.136.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1 * webkit2gtk3-debugsource-2.38.6-2.136.1 * 
typelib-1_0-WebKit2-4_0-2.38.6-2.136.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1
  * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1
  * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1
  * libwebkit2gtk-4_0-37-2.38.6-2.136.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.38.6-2.136.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.136.1
  * webkit2gtk3-debugsource-2.38.6-2.136.1
  * typelib-1_0-WebKit2-4_0-2.38.6-2.136.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.136.1
  * webkit2gtk-4_0-injected-bundles-2.38.6-2.136.1
  * libjavascriptcoregtk-4_0-18-2.38.6-2.136.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.136.1
  * libwebkit2gtk-4_0-37-2.38.6-2.136.1
  * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.136.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.136.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.38.6-2.136.1

## References:

* https://www.suse.com/security/cve/CVE-2022-0108.html
* https://www.suse.com/security/cve/CVE-2022-32885.html
* https://www.suse.com/security/cve/CVE-2022-32886.html
* https://www.suse.com/security/cve/CVE-2022-32912.html
* https://www.suse.com/security/cve/CVE-2023-25358.html
* https://www.suse.com/security/cve/CVE-2023-25360.html
* https://www.suse.com/security/cve/CVE-2023-25361.html
* https://www.suse.com/security/cve/CVE-2023-25362.html
* https://www.suse.com/security/cve/CVE-2023-25363.html
* https://www.suse.com/security/cve/CVE-2023-27932.html
* https://www.suse.com/security/cve/CVE-2023-27954.html
* https://www.suse.com/security/cve/CVE-2023-28205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210295
* https://bugzilla.suse.com/show_bug.cgi?id=1210731

From sle-updates at lists.suse.com Thu Apr 27 12:30:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 12:30:11 -0000
Subject: SUSE-SU-2023:2054-1: moderate: Security update for libxml2
Message-ID: <168259861165.22457.4062985719385146374@smelt2.suse.de>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:2054-1
Rating: moderate
References:
* #1210411
* #1210412

Cross-References:
* CVE-2023-28484
* CVE-2023-29469

CVSS scores:
* CVE-2023-28484 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29469 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libxml2 fixes the following issues:

* CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
* CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2054=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2054=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2054=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2054=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libxml2-debugsource-2.9.4-46.62.1 * libxml2-devel-2.9.4-46.62.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python-libxml2-2.9.4-46.62.1 * libxml2-debugsource-2.9.4-46.62.1 * libxml2-2-debuginfo-2.9.4-46.62.1 * python-libxml2-debuginfo-2.9.4-46.62.1 * libxml2-tools-debuginfo-2.9.4-46.62.1 * libxml2-tools-2.9.4-46.62.1 * libxml2-2-2.9.4-46.62.1 * python-libxml2-debugsource-2.9.4-46.62.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libxml2-doc-2.9.4-46.62.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libxml2-2-debuginfo-32bit-2.9.4-46.62.1 * libxml2-2-32bit-2.9.4-46.62.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python-libxml2-2.9.4-46.62.1 * libxml2-debugsource-2.9.4-46.62.1 * libxml2-2-debuginfo-2.9.4-46.62.1 * python-libxml2-debuginfo-2.9.4-46.62.1 * libxml2-tools-debuginfo-2.9.4-46.62.1 * libxml2-tools-2.9.4-46.62.1 * libxml2-2-2.9.4-46.62.1 * python-libxml2-debugsource-2.9.4-46.62.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libxml2-doc-2.9.4-46.62.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libxml2-2-debuginfo-32bit-2.9.4-46.62.1 * libxml2-2-32bit-2.9.4-46.62.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python-libxml2-2.9.4-46.62.1 * libxml2-debugsource-2.9.4-46.62.1 * libxml2-2-debuginfo-2.9.4-46.62.1 * 
python-libxml2-debuginfo-2.9.4-46.62.1
  * libxml2-tools-debuginfo-2.9.4-46.62.1
  * libxml2-tools-2.9.4-46.62.1
  * libxml2-2-2.9.4-46.62.1
  * python-libxml2-debugsource-2.9.4-46.62.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * libxml2-doc-2.9.4-46.62.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libxml2-2-debuginfo-32bit-2.9.4-46.62.1
  * libxml2-2-32bit-2.9.4-46.62.1

## References:

* https://www.suse.com/security/cve/CVE-2023-28484.html
* https://www.suse.com/security/cve/CVE-2023-29469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210411
* https://bugzilla.suse.com/show_bug.cgi?id=1210412

From sle-updates at lists.suse.com Thu Apr 27 12:30:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 12:30:13 -0000
Subject: SUSE-SU-2023:2053-1: moderate: Security update for libxml2
Message-ID: <168259861361.22457.13853955815566041503@smelt2.suse.de>

# Security update for libxml2

Announcement ID: SUSE-SU-2023:2053-1
Rating: moderate
References:
* #1209918
* #1210411
* #1210412

Cross-References:
* CVE-2023-28484
* CVE-2023-29469

CVSS scores:
* CVE-2023-28484 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-29469 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves two vulnerabilities
and has one fix can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: * Remove unneeded dependency (bsc#1209918). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2053=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2053=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2053=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2053=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2053=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2053=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2053=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-python-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * libxml2-devel-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * openSUSE Leap 15.4 (x86_64) * 
libxml2-2-32bit-debuginfo-2.9.14-150400.5.16.1 * libxml2-devel-32bit-2.9.14-150400.5.16.1 * libxml2-2-32bit-2.9.14-150400.5.16.1 * openSUSE Leap 15.4 (noarch) * libxml2-doc-2.9.14-150400.5.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-python-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-python-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-python-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-debuginfo-2.9.14-150400.5.16.1 * libxml2-debugsource-2.9.14-150400.5.16.1 * libxml2-python-debugsource-2.9.14-150400.5.16.1 * libxml2-2-2.9.14-150400.5.16.1 * libxml2-2-debuginfo-2.9.14-150400.5.16.1 * python3-libxml2-2.9.14-150400.5.16.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-2.9.14-150400.5.16.1 * libxml2-tools-debuginfo-2.9.14-150400.5.16.1 * libxml2-devel-2.9.14-150400.5.16.1 * 
python3-libxml2-debuginfo-2.9.14-150400.5.16.1
  * libxml2-debugsource-2.9.14-150400.5.16.1
  * libxml2-2-2.9.14-150400.5.16.1
  * libxml2-2-debuginfo-2.9.14-150400.5.16.1
  * python3-libxml2-2.9.14-150400.5.16.1
* Basesystem Module 15-SP4 (x86_64)
  * libxml2-2-32bit-2.9.14-150400.5.16.1
  * libxml2-2-32bit-debuginfo-2.9.14-150400.5.16.1

## References:

* https://www.suse.com/security/cve/CVE-2023-28484.html
* https://www.suse.com/security/cve/CVE-2023-29469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209918
* https://bugzilla.suse.com/show_bug.cgi?id=1210411
* https://bugzilla.suse.com/show_bug.cgi?id=1210412

From sle-updates at lists.suse.com Thu Apr 27 12:30:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 12:30:15 -0000
Subject: SUSE-SU-2023:2051-1: important: Security update for libtpms
Message-ID: <168259861569.22457.11454507133873618249@smelt2.suse.de>

# Security update for libtpms

Announcement ID: SUSE-SU-2023:2051-1
Rating: important
References:
* #1206022
* #1206023

Cross-References:
* CVE-2023-1017
* CVE-2023-1018

CVSS scores:
* CVE-2023-1017 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1017 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-1018 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-1018 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* Server Applications Module 15-SP4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux
Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for libtpms fixes the following issues: * CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022). * CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2051=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2051=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-2051=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-2051=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-2051=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-2051=1
* Server Applications Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2051=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2051=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2051=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2051=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2051=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2051=1
* SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2051=1
* SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2051=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2051=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-2051=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2051=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2051=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2051=1

## Package List:

* openSUSE Leap Micro 5.3
(aarch64 x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-devel-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-devel-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-devel-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-devel-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libtpms0-0.8.2-150300.3.9.1 * libtpms-devel-0.8.2-150300.3.9.1 * libtpms-debugsource-0.8.2-150300.3.9.1 * libtpms0-debuginfo-0.8.2-150300.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libtpms0-0.8.2-150300.3.9.1 * 
libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Manager Proxy 4.2 (x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-devel-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libtpms0-0.8.2-150300.3.9.1
  * libtpms-debugsource-0.8.2-150300.3.9.1
  * libtpms0-debuginfo-0.8.2-150300.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2023-1017.html
* https://www.suse.com/security/cve/CVE-2023-1018.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206022
* https://bugzilla.suse.com/show_bug.cgi?id=1206023

From sle-updates at lists.suse.com Thu Apr 27 12:30:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 12:30:20 -0000
Subject: SUSE-SU-2023:2050-1: moderate: Security update for fwupd
Message-ID: <168259862042.22457.18336723680700048308@smelt2.suse.de>

# Security update for fwupd

Announcement ID: SUSE-SU-2023:2050-1
Rating: moderate
References:
* #1209188

Affected Products:
* Desktop Applications Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that has one fix can now be installed.

## Description:

This update of fwupd fixes the following issues:

* rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2050=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2050=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * fwupd-debugsource-1.7.3-150400.3.5.1 * fwupd-devel-1.7.3-150400.3.5.1 * dfu-tool-debuginfo-1.7.3-150400.3.5.1 * libfwupdplugin5-1.7.3-150400.3.5.1 * typelib-1_0-Fwupd-2_0-1.7.3-150400.3.5.1 * libfwupdplugin5-debuginfo-1.7.3-150400.3.5.1 * fwupd-1.7.3-150400.3.5.1 * fwupd-debuginfo-1.7.3-150400.3.5.1 * libfwupd2-1.7.3-150400.3.5.1 * typelib-1_0-FwupdPlugin-1_0-1.7.3-150400.3.5.1 * libfwupd2-debuginfo-1.7.3-150400.3.5.1 * dfu-tool-1.7.3-150400.3.5.1 * openSUSE Leap 15.4 (noarch) * fwupd-lang-1.7.3-150400.3.5.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * fwupd-devel-1.7.3-150400.3.5.1 * fwupd-debugsource-1.7.3-150400.3.5.1 * libfwupdplugin5-1.7.3-150400.3.5.1 * typelib-1_0-Fwupd-2_0-1.7.3-150400.3.5.1 * libfwupdplugin5-debuginfo-1.7.3-150400.3.5.1 * fwupd-1.7.3-150400.3.5.1 * fwupd-debuginfo-1.7.3-150400.3.5.1 * libfwupd2-1.7.3-150400.3.5.1 * typelib-1_0-FwupdPlugin-1_0-1.7.3-150400.3.5.1 * libfwupd2-debuginfo-1.7.3-150400.3.5.1 * Desktop Applications Module 15-SP4 (noarch) * fwupd-lang-1.7.3-150400.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... 

From sle-updates at lists.suse.com Thu Apr 27 15:01:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 15:01:27 -0000
Subject: SUSE-SU-2023:1961-1: moderate: Security update for s390-tools
Message-ID: <168260768723.5298.15463127770419041599@smelt2.suse.de>

# Security update for s390-tools

Announcement ID: SUSE-SU-2023:1961-1
Rating: moderate
References:

  * #1209188

Affected Products:

  * SUSE Linux Enterprise Micro 5.1
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  * SUSE Manager Server 4.2

An update that has one fix can now be installed.

## Description:

This update of s390-tools fixes the following issues:

  * rebuild the package with the new secure boot key (bsc#1209188).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1961=1
  * SUSE Manager Server 4.2
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1961=1
  * SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-1961=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1961=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-1961=1

## Package List:

  * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
    * s390-tools-zdsfs-debuginfo-2.15.1-150300.8.32.1
    * s390-tools-2.15.1-150300.8.32.1
    * s390-tools-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-devel-2.15.1-150300.8.32.1
    * osasnmpd-2.15.1-150300.8.32.1
    * s390-tools-hmcdrvfs-2.15.1-150300.8.32.1
    * s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.32.1
    * s390-tools-zdsfs-2.15.1-150300.8.32.1
    * osasnmpd-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-2.15.1-150300.8.32.1
    * s390-tools-debugsource-2.15.1-150300.8.32.1
  * SUSE Manager Server 4.2 (s390x)
    * s390-tools-zdsfs-debuginfo-2.15.1-150300.8.32.1
    * s390-tools-2.15.1-150300.8.32.1
    * s390-tools-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-devel-2.15.1-150300.8.32.1
    * osasnmpd-2.15.1-150300.8.32.1
    * s390-tools-hmcdrvfs-2.15.1-150300.8.32.1
    * s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.32.1
    * s390-tools-zdsfs-2.15.1-150300.8.32.1
    * osasnmpd-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-2.15.1-150300.8.32.1
    * s390-tools-debugsource-2.15.1-150300.8.32.1
  * SUSE Linux Enterprise Micro 5.1 (s390x)
    * s390-tools-2.15.1-150300.8.32.1
    * s390-tools-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-2.15.1-150300.8.32.1
    * s390-tools-debugsource-2.15.1-150300.8.32.1
  * SUSE Linux Enterprise Micro 5.2 (s390x)
    * s390-tools-2.15.1-150300.8.32.1
    * s390-tools-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-2.15.1-150300.8.32.1
    * s390-tools-debugsource-2.15.1-150300.8.32.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
    * s390-tools-2.15.1-150300.8.32.1
    * s390-tools-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-debuginfo-2.15.1-150300.8.32.1
    * libekmfweb1-2.15.1-150300.8.32.1
    * s390-tools-debugsource-2.15.1-150300.8.32.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1209188

From sle-updates at lists.suse.com Thu Apr 27 16:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:05 -0000
Subject: SUSE-SU-2023:2060-1: moderate: Security update for glib2
Message-ID: <168261300547.21205.7189160278211738509@smelt2.suse.de>

# Security update for glib2

Announcement ID: SUSE-SU-2023:2060-1
Rating: moderate
References:

  * #1209713
  * #1209714
  * #1210135

Cross-References:

  * CVE-2023-24593
  * CVE-2023-25180

CVSS scores:

  * CVE-2023-24593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-25180 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * Basesystem Module 15-SP4
  * openSUSE Leap 15.4
  * openSUSE Leap Micro 5.3
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glib2 fixes the following issues:

  * CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
  * CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

  * Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap Micro 5.3
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2060=1
  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-2060=1
  * SUSE Linux Enterprise Micro for Rancher 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-2060=1
  * SUSE Linux Enterprise Micro 5.3
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-2060=1
  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-2060=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-2060=1
  * Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2060=1

## Package List:

  * openSUSE Leap Micro 5.3 (aarch64 x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * openSUSE Leap 15.4 (noarch)
    * glib2-lang-2.70.5-150400.3.8.1
    * gio-branding-upstream-2.70.5-150400.3.8.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-tests-devel-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgthread-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-devel-debuginfo-2.70.5-150400.3.8.1
    * glib2-tests-devel-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libgthread-2_0-0-2.70.5-150400.3.8.1
    * glib2-devel-static-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-devel-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * openSUSE Leap 15.4 (x86_64)
    * libgthread-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libglib-2_0-0-32bit-2.70.5-150400.3.8.1
    * libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-32bit-2.70.5-150400.3.8.1
    * libgthread-2_0-0-32bit-2.70.5-150400.3.8.1
    * glib2-devel-32bit-2.70.5-150400.3.8.1
    * libgio-2_0-0-32bit-2.70.5-150400.3.8.1
    * glib2-tools-32bit-2.70.5-150400.3.8.1
    * glib2-tools-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-32bit-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * glib2-devel-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * libglib-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-debugsource-2.70.5-150400.3.8.1
    * glib2-tools-2.70.5-150400.3.8.1
    * libgio-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-2.70.5-150400.3.8.1
    * libgthread-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * glib2-devel-debuginfo-2.70.5-150400.3.8.1
    * libgio-2_0-0-2.70.5-150400.3.8.1
    * libgthread-2_0-0-2.70.5-150400.3.8.1
    * libglib-2_0-0-2.70.5-150400.3.8.1
    * libgobject-2_0-0-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-2.70.5-150400.3.8.1
    * glib2-devel-2.70.5-150400.3.8.1
    * glib2-tools-debuginfo-2.70.5-150400.3.8.1
  * Basesystem Module 15-SP4 (noarch)
    * glib2-lang-2.70.5-150400.3.8.1
  * Basesystem Module 15-SP4 (x86_64)
    * libglib-2_0-0-32bit-2.70.5-150400.3.8.1
    * libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-32bit-2.70.5-150400.3.8.1
    * libgio-2_0-0-32bit-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgmodule-2_0-0-32bit-2.70.5-150400.3.8.1
    * libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1
    * libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.8.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-24593.html
  * https://www.suse.com/security/cve/CVE-2023-25180.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209713
  * https://bugzilla.suse.com/show_bug.cgi?id=1209714
  * https://bugzilla.suse.com/show_bug.cgi?id=1210135

From sle-updates at lists.suse.com Thu Apr 27 16:30:07 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:07 -0000
Subject: SUSE-SU-2023:2059-1: important: Security update for rubygem-actionview-5_1
Message-ID: <168261300799.21205.15310926494806550737@smelt2.suse.de>

# Security update for rubygem-actionview-5_1

Announcement ID: SUSE-SU-2023:2059-1
Rating: important
References:

  * #1172184
  * #1176421
  * #1199060

Cross-References:

  * CVE-2020-15169
  * CVE-2020-8167
  * CVE-2022-27777

CVSS scores:

  * CVE-2020-15169 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2020-15169 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2020-8167 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  * CVE-2020-8167 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2022-27777 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2022-27777 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Linux Enterprise High Availability Extension 15 SP1
  * SUSE Linux Enterprise High Availability Extension 15 SP2
  * SUSE Linux Enterprise High Availability Extension 15 SP3
  * SUSE Linux Enterprise High Availability Extension 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP1
  * SUSE Linux Enterprise High Performance Computing 15 SP2
  * SUSE Linux Enterprise High Performance Computing 15 SP3
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Server 15 SP1
  * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  * SUSE Linux Enterprise Server 15 SP2
  * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  * SUSE Linux Enterprise Server 15 SP3
  * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP1
  * SUSE Linux Enterprise Server for SAP Applications 15 SP2
  * SUSE Linux Enterprise Server for SAP Applications 15 SP3
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.0
  * SUSE Manager Proxy 4.1
  * SUSE Manager Proxy 4.2
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.0
  * SUSE Manager Retail Branch Server 4.1
  * SUSE Manager Retail Branch Server 4.2
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.0
  * SUSE Manager Server 4.1
  * SUSE Manager Server 4.2
  * SUSE Manager Server 4.3

An update that solves three vulnerabilities can now be installed.

## Description:

This update for rubygem-actionview-5_1 fixes the following issues:

  * CVE-2022-27777: Fixed possible cross-site scripting vulnerability in Action View tag helpers (bsc#1199060).
  * CVE-2020-15169: Fixed cross-site scripting in translation helpers (bsc#1176421).
  * CVE-2020-8167: Fixed CSRF vulnerability in rails-ujs (bsc#1172184).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-2059=1
  * SUSE Linux Enterprise High Availability Extension 15 SP1
    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2059=1
  * SUSE Linux Enterprise High Availability Extension 15 SP2
    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2059=1
  * SUSE Linux Enterprise High Availability Extension 15 SP3
    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2059=1
  * SUSE Linux Enterprise High Availability Extension 15 SP4
    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2059=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
    * ruby2.5-rubygem-actionview-doc-5_1-5.1.4-150000.3.6.1
  * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64)
    * ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
  * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64)
    * ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
  * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
    * ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1
  * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
    * ruby2.5-rubygem-actionview-5_1-5.1.4-150000.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2020-15169.html
  * https://www.suse.com/security/cve/CVE-2020-8167.html
  * https://www.suse.com/security/cve/CVE-2022-27777.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1172184
  * https://bugzilla.suse.com/show_bug.cgi?id=1176421
  * https://bugzilla.suse.com/show_bug.cgi?id=1199060

From sle-updates at lists.suse.com Thu Apr 27 16:30:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:10 -0000
Subject: SUSE-RU-2023:0782-2: moderate: Recommended update for libgcrypt
Message-ID: <168261301077.21205.7751868023584750548@smelt2.suse.de>

# Recommended update for libgcrypt

Announcement ID: SUSE-RU-2023:0782-2
Rating: moderate
References:

  * #1208924
  * #1208925
  * #1208926

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has three recommended fixes can now be installed.

## Description:

This update for libgcrypt fixes the following issues:

  * FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
  * FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
  * FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-782=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-782=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libgcrypt-debugsource-1.9.4-150400.6.8.1
    * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
    * libgcrypt20-1.9.4-150400.6.8.1
    * libgcrypt20-hmac-1.9.4-150400.6.8.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libgcrypt-debugsource-1.9.4-150400.6.8.1
    * libgcrypt20-debuginfo-1.9.4-150400.6.8.1
    * libgcrypt20-1.9.4-150400.6.8.1
    * libgcrypt20-hmac-1.9.4-150400.6.8.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1208924
  * https://bugzilla.suse.com/show_bug.cgi?id=1208925
  * https://bugzilla.suse.com/show_bug.cgi?id=1208926

From sle-updates at lists.suse.com Thu Apr 27 16:30:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:19 -0000
Subject: SUSE-SU-2023:1718-2: moderate: Security update for glibc
Message-ID: <168261301981.21205.902249108236046746@smelt2.suse.de>

# Security update for glibc

Announcement ID: SUSE-SU-2023:1718-2
Rating: moderate
References:

  * #1207571
  * #1207957
  * #1207975
  * #1208358

Cross-References:

  * CVE-2023-0687

CVSS scores:

  * CVE-2023-0687 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N
  * CVE-2023-0687 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2023-0687 ( NVD ): 4.6 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has three fixes can now be installed.

## Description:

This update for glibc fixes the following issues:

Security issue fixed:

  * CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

  * Fix avx2 strncmp offset compare condition check (bsc#1208358)
  * elf: Allow dlopen of filter object to work (bsc#1207571)
  * powerpc: Fix unrecognized instruction errors with recent GCC
  * x86: Cache computation for AMD architecture (bsc#1207957)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1718=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1718=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * glibc-2.31-150300.46.1
    * glibc-locale-base-2.31-150300.46.1
    * glibc-debugsource-2.31-150300.46.1
    * glibc-locale-2.31-150300.46.1
    * glibc-devel-debuginfo-2.31-150300.46.1
    * glibc-debuginfo-2.31-150300.46.1
    * glibc-locale-base-debuginfo-2.31-150300.46.1
    * glibc-devel-2.31-150300.46.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * glibc-2.31-150300.46.1
    * glibc-locale-base-2.31-150300.46.1
    * glibc-debugsource-2.31-150300.46.1
    * glibc-locale-2.31-150300.46.1
    * glibc-devel-debuginfo-2.31-150300.46.1
    * glibc-debuginfo-2.31-150300.46.1
    * glibc-locale-base-debuginfo-2.31-150300.46.1
    * glibc-devel-2.31-150300.46.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0687.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207571
  * https://bugzilla.suse.com/show_bug.cgi?id=1207957
  * https://bugzilla.suse.com/show_bug.cgi?id=1207975
  * https://bugzilla.suse.com/show_bug.cgi?id=1208358

From sle-updates at lists.suse.com Thu Apr 27 16:30:21 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:21 -0000
Subject: SUSE-SU-2023:1686-2: moderate: Security update for libmicrohttpd
Message-ID: <168261302143.21205.12749573841775929944@smelt2.suse.de>

# Security update for libmicrohttpd

Announcement ID: SUSE-SU-2023:1686-2
Rating: moderate
References:

  * #1208745

Cross-References:

  * CVE-2023-27371

CVSS scores:

  * CVE-2023-27371 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2023-27371 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libmicrohttpd fixes the following issues:

  * CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1686=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1686=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libmicrohttpd12-0.9.57-150000.3.3.1
    * libmicrohttpd-debugsource-0.9.57-150000.3.3.1
    * libmicrohttpd12-debuginfo-0.9.57-150000.3.3.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libmicrohttpd12-0.9.57-150000.3.3.1
    * libmicrohttpd-debugsource-0.9.57-150000.3.3.1
    * libmicrohttpd12-debuginfo-0.9.57-150000.3.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-27371.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1208745

From sle-updates at lists.suse.com Thu Apr 27 16:30:24 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:24 -0000
Subject: SUSE-SU-2023:0781-2: important: Security update for vim
Message-ID: <168261302473.21205.16272643834236320742@smelt2.suse.de>

# Security update for vim

Announcement ID: SUSE-SU-2023:0781-2
Rating: important
References:

  * #1207780
  * #1208828
  * #1208957
  * #1208959

Cross-References:

  * CVE-2023-0512
  * CVE-2023-1127
  * CVE-2023-1170
  * CVE-2023-1175

CVSS scores:

  * CVE-2023-0512 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-0512 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-0512 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-1127 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2023-1127 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-1127 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-1170 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  * CVE-2023-1170 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  * CVE-2023-1170 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
  * CVE-2023-1175 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  * CVE-2023-1175 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
  * CVE-2023-1175 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

  * CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
  * CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
  * CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
  * CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

Updated to version 9.0 with patch level 1386.
  * https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-781=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-781=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * vim-data-common-9.0.1386-150000.5.37.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * vim-debugsource-9.0.1386-150000.5.37.1
    * vim-small-debuginfo-9.0.1386-150000.5.37.1
    * vim-small-9.0.1386-150000.5.37.1
    * vim-debuginfo-9.0.1386-150000.5.37.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * vim-data-common-9.0.1386-150000.5.37.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * vim-debugsource-9.0.1386-150000.5.37.1
    * vim-small-debuginfo-9.0.1386-150000.5.37.1
    * vim-small-9.0.1386-150000.5.37.1
    * vim-debuginfo-9.0.1386-150000.5.37.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-0512.html
  * https://www.suse.com/security/cve/CVE-2023-1127.html
  * https://www.suse.com/security/cve/CVE-2023-1170.html
  * https://www.suse.com/security/cve/CVE-2023-1175.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1207780
  * https://bugzilla.suse.com/show_bug.cgi?id=1208828
  * https://bugzilla.suse.com/show_bug.cgi?id=1208957
  * https://bugzilla.suse.com/show_bug.cgi?id=1208959

From sle-updates at lists.suse.com Thu Apr 27 16:30:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:26 -0000
Subject: SUSE-SU-2023:0868-2: important: Security update for python3
Message-ID: <168261302681.21205.741802873508172264@smelt2.suse.de>

# Security update for python3

Announcement ID: SUSE-SU-2023:0868-2
Rating: important
References:

  * #1203355
  * #1208471

Cross-References:

  * CVE-2023-24329

CVSS scores:

  * CVE-2023-24329 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
  * CVE-2023-24329 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for python3 fixes the following issues:

  * CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

  * Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-868=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-868=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * python3-debugsource-3.6.15-150300.10.45.1
    * python3-base-debuginfo-3.6.15-150300.10.45.1
    * python3-core-debugsource-3.6.15-150300.10.45.1
    * python3-debuginfo-3.6.15-150300.10.45.1
    * python3-base-3.6.15-150300.10.45.1
    * python3-3.6.15-150300.10.45.1
    * libpython3_6m1_0-3.6.15-150300.10.45.1
    * libpython3_6m1_0-debuginfo-3.6.15-150300.10.45.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * python3-debugsource-3.6.15-150300.10.45.1
    * python3-base-debuginfo-3.6.15-150300.10.45.1
    * python3-core-debugsource-3.6.15-150300.10.45.1
    * python3-debuginfo-3.6.15-150300.10.45.1
    * python3-base-3.6.15-150300.10.45.1
    * python3-3.6.15-150300.10.45.1
    * libpython3_6m1_0-3.6.15-150300.10.45.1
    * libpython3_6m1_0-debuginfo-3.6.15-150300.10.45.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-24329.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1203355
  * https://bugzilla.suse.com/show_bug.cgi?id=1208471

From sle-updates at lists.suse.com Thu Apr 27 16:30:31 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:31 -0000
Subject: SUSE-SU-2023:0795-2: moderate: Security update for docker
Message-ID: <168261303112.21205.13647134186129744454@smelt2.suse.de>

# Security update for docker

Announcement ID: SUSE-SU-2023:0795-2
Rating: moderate
References:

  * #1205375
  * #1206065

Cross-References:

  * CVE-2022-36109

CVSS scores:

  * CVE-2022-36109 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2022-36109 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for docker fixes the following issues:

Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023

Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021

Security issues fixed:

  * CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
  * Fix wrong After: in docker.service, fixes bsc#1188447
  * Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux.
  * Allow to install container-selinux instead of apparmor-parser.
  * Change to using systemd-sysusers

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-795=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-795=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * docker-20.10.23_ce-150000.175.1
    * docker-debuginfo-20.10.23_ce-150000.175.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * docker-20.10.23_ce-150000.175.1
    * docker-debuginfo-20.10.23_ce-150000.175.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-36109.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1205375
  * https://bugzilla.suse.com/show_bug.cgi?id=1206065

From sle-updates at lists.suse.com Thu Apr 27 16:30:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:32 -0000
Subject: SUSE-SU-2023:1796-2: moderate: Security update for conmon
Message-ID: <168261303260.21205.9089287035232472461@smelt2.suse.de>

# Security update for conmon

Announcement ID: SUSE-SU-2023:1796-2
Rating: moderate
References:

  * #1209307

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one fix can now be installed.

## Description:

This update for conmon fixes the following issues:

  * rebuild against supported go 1.19 (bsc#1209307)
  * no functional changes.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1796=1
  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1796=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * conmon-2.1.5-150400.3.6.1
    * conmon-debuginfo-2.1.5-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * conmon-2.1.5-150400.3.6.1
    * conmon-debuginfo-2.1.5-150400.3.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1209307

From sle-updates at lists.suse.com Thu Apr 27 16:30:36 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:36 -0000
Subject: SUSE-SU-2023:0848-2: important: Security update for xen
Message-ID: <168261303656.21205.13578150884218857889@smelt2.suse.de>

# Security update for xen

Announcement ID: SUSE-SU-2023:0848-2
Rating: important
References:

  * #1209017
  * #1209018
  * #1209019
  * #1209188

Cross-References:

  * CVE-2022-42331
  * CVE-2022-42332
  * CVE-2022-42333
  * CVE-2022-42334

CVSS scores:

  * CVE-2022-42331 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  * CVE-2022-42331 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2022-42332 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
  * CVE-2022-42332 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-42333 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
  * CVE-2022-42333 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  * CVE-2022-42334 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
  * CVE-2022-42334 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves four vulnerabilities can now be installed.
## Description:

This update for xen fixes the following issues:

  * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
  * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mishandling (bsc#1209018).
  * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-848=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-848=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
    * xen-libs-debuginfo-4.16.3_06-150400.4.25.1
    * xen-libs-4.16.3_06-150400.4.25.1
    * xen-debugsource-4.16.3_06-150400.4.25.1
  * SUSE Linux Enterprise Micro 5.4 (x86_64)
    * xen-libs-debuginfo-4.16.3_06-150400.4.25.1
    * xen-libs-4.16.3_06-150400.4.25.1
    * xen-debugsource-4.16.3_06-150400.4.25.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-42331.html
  * https://www.suse.com/security/cve/CVE-2022-42332.html
  * https://www.suse.com/security/cve/CVE-2022-42333.html
  * https://www.suse.com/security/cve/CVE-2022-42334.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1209017
  * https://bugzilla.suse.com/show_bug.cgi?id=1209018
  * https://bugzilla.suse.com/show_bug.cgi?id=1209019
  * https://bugzilla.suse.com/show_bug.cgi?id=1209188
From sle-updates at lists.suse.com Thu Apr 27 16:30:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:40 -0000
Subject: SUSE-SU-2023:0879-2: moderate: Security update for qemu
Message-ID: <168261304012.21205.7402302458833795616@smelt2.suse.de>

# Security update for qemu

Announcement ID: SUSE-SU-2023:0879-2
Rating: moderate
References:

  * #1180207
  * #1185000

Cross-References:

  * CVE-2020-14394
  * CVE-2021-3507

CVSS scores:

  * CVE-2020-14394 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
  * CVE-2020-14394 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
  * CVE-2021-3507 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  * CVE-2021-3507 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves two vulnerabilities can now be installed.

## Description:

This update for qemu fixes the following issues:

  * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
  * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-879=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-879=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * qemu-debugsource-6.2.0-150400.37.14.2
    * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.14.2
    * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.14.2
    * qemu-audio-spice-6.2.0-150400.37.14.2
    * qemu-ui-opengl-6.2.0-150400.37.14.2
    * qemu-chardev-spice-debuginfo-6.2.0-150400.37.14.2
    * qemu-guest-agent-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.14.2
    * qemu-chardev-spice-6.2.0-150400.37.14.2
    * qemu-ui-opengl-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-usb-redirect-6.2.0-150400.37.14.2
    * qemu-guest-agent-6.2.0-150400.37.14.2
    * qemu-tools-6.2.0-150400.37.14.2
    * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.14.2
    * qemu-6.2.0-150400.37.14.2
    * qemu-hw-display-qxl-6.2.0-150400.37.14.2
    * qemu-tools-debuginfo-6.2.0-150400.37.14.2
    * qemu-debuginfo-6.2.0-150400.37.14.2
    * qemu-audio-spice-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2
    * qemu-ui-spice-core-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64)
    * qemu-arm-debuginfo-6.2.0-150400.37.14.2
    * qemu-arm-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.14.2
    * qemu-sgabios-8-150400.37.14.2
    * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.14.2
    * qemu-ipxe-1.0.0+-150400.37.14.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x)
    * qemu-s390x-6.2.0-150400.37.14.2
    * qemu-s390x-debuginfo-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
    * qemu-x86-debuginfo-6.2.0-150400.37.14.2
    *
      qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.14.2
    * qemu-accel-tcg-x86-6.2.0-150400.37.14.2
    * qemu-x86-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * qemu-debugsource-6.2.0-150400.37.14.2
    * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.14.2
    * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.14.2
    * qemu-audio-spice-6.2.0-150400.37.14.2
    * qemu-ui-opengl-6.2.0-150400.37.14.2
    * qemu-chardev-spice-debuginfo-6.2.0-150400.37.14.2
    * qemu-guest-agent-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.14.2
    * qemu-chardev-spice-6.2.0-150400.37.14.2
    * qemu-ui-opengl-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-usb-redirect-6.2.0-150400.37.14.2
    * qemu-guest-agent-6.2.0-150400.37.14.2
    * qemu-tools-6.2.0-150400.37.14.2
    * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.14.2
    * qemu-6.2.0-150400.37.14.2
    * qemu-hw-display-qxl-6.2.0-150400.37.14.2
    * qemu-tools-debuginfo-6.2.0-150400.37.14.2
    * qemu-debuginfo-6.2.0-150400.37.14.2
    * qemu-audio-spice-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-vga-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.14.2
    * qemu-hw-display-virtio-gpu-6.2.0-150400.37.14.2
    * qemu-ui-spice-core-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro 5.4 (aarch64)
    * qemu-arm-debuginfo-6.2.0-150400.37.14.2
    * qemu-arm-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.14.2
    * qemu-sgabios-8-150400.37.14.2
    * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.14.2
    * qemu-ipxe-1.0.0+-150400.37.14.2
  * SUSE Linux Enterprise Micro 5.4 (s390x)
    * qemu-s390x-6.2.0-150400.37.14.2
    * qemu-s390x-debuginfo-6.2.0-150400.37.14.2
  * SUSE Linux Enterprise Micro 5.4 (x86_64)
    * qemu-x86-debuginfo-6.2.0-150400.37.14.2
    * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.14.2
    * qemu-accel-tcg-x86-6.2.0-150400.37.14.2
    * qemu-x86-6.2.0-150400.37.14.2

## References:

  * https://www.suse.com/security/cve/CVE-2020-14394.html
  *
    https://www.suse.com/security/cve/CVE-2021-3507.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1180207
  * https://bugzilla.suse.com/show_bug.cgi?id=1185000

From sle-updates at lists.suse.com Thu Apr 27 16:30:42 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:42 -0000
Subject: SUSE-RU-2023:0743-2: moderate: Recommended update for gnutls
Message-ID: <168261304231.21205.2759244720086991019@smelt2.suse.de>

# Recommended update for gnutls

Announcement ID: SUSE-RU-2023:0743-2
Rating: moderate
References:

  * #1209001

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one recommended fix can now be installed.

## Description:

This update for gnutls fixes the following issues:

FIPS: Establish PBKDF2 additional requirements [bsc#1209001]

  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP 800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-743=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-743=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libgnutls30-debuginfo-3.7.3-150400.4.35.1
    * gnutls-debugsource-3.7.3-150400.4.35.1
    * libgnutls30-hmac-3.7.3-150400.4.35.1
    * gnutls-3.7.3-150400.4.35.1
    * gnutls-debuginfo-3.7.3-150400.4.35.1
    * libgnutls30-3.7.3-150400.4.35.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libgnutls30-debuginfo-3.7.3-150400.4.35.1
    * gnutls-debugsource-3.7.3-150400.4.35.1
    * libgnutls30-hmac-3.7.3-150400.4.35.1
    * gnutls-3.7.3-150400.4.35.1
    * gnutls-debuginfo-3.7.3-150400.4.35.1
    * libgnutls30-3.7.3-150400.4.35.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1209001

From sle-updates at lists.suse.com Thu Apr 27 16:30:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:46 -0000
Subject: SUSE-SU-2023:0668-2: moderate: Security update for libX11
Message-ID: <168261304600.21205.6072497968094378946@smelt2.suse.de>

# Security update for libX11

Announcement ID: SUSE-SU-2023:0668-2
Rating: moderate
References:

  * #1204425
  * #1208881

Cross-References:

  * CVE-2022-3555

CVSS scores:

  * CVE-2022-3555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-3555 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability and has one fix can now be installed.
## Description:

This update for libX11 fixes the following issues:

  * Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-668=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-668=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libX11-6-debuginfo-1.6.5-150000.3.27.1
    * libX11-6-1.6.5-150000.3.27.1
    * libX11-xcb1-1.6.5-150000.3.27.1
    * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
    * libX11-debugsource-1.6.5-150000.3.27.1
  * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
    * libX11-data-1.6.5-150000.3.27.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libX11-6-debuginfo-1.6.5-150000.3.27.1
    * libX11-6-1.6.5-150000.3.27.1
    * libX11-xcb1-1.6.5-150000.3.27.1
    * libX11-xcb1-debuginfo-1.6.5-150000.3.27.1
    * libX11-debugsource-1.6.5-150000.3.27.1
  * SUSE Linux Enterprise Micro 5.4 (noarch)
    * libX11-data-1.6.5-150000.3.27.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-3555.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1204425
  * https://bugzilla.suse.com/show_bug.cgi?id=1208881
From sle-updates at lists.suse.com Thu Apr 27 16:30:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:48 -0000
Subject: SUSE-RU-2023:0875-2: moderate: Recommended update for sg3_utils
Message-ID: <168261304899.21205.7212739241669244443@smelt2.suse.de>

# Recommended update for sg3_utils

Announcement ID: SUSE-RU-2023:0875-2
Rating: moderate
References:

  * #1207706

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one recommended fix can now be installed.

## Description:

This update for sg3_utils fixes the following issues:

  * Speed large multipath scans (bsc#1207706)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-875=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-875=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-debuginfo-1.47+13.75d23ac-150400.3.6.1
    * libsgutils2-1_47-2-debuginfo-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-debugsource-1.47+13.75d23ac-150400.3.6.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libsgutils2-1_47-2-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-debuginfo-1.47+13.75d23ac-150400.3.6.1
    * libsgutils2-1_47-2-debuginfo-1.47+13.75d23ac-150400.3.6.1
    * sg3_utils-debugsource-1.47+13.75d23ac-150400.3.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1207706
From sle-updates at lists.suse.com Thu Apr 27 16:30:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:30:54 -0000
Subject: SUSE-RU-2023:1670-2: moderate: Recommended update for cpupower
Message-ID: <168261305424.21205.18347332117520815926@smelt2.suse.de>

# Recommended update for cpupower

Announcement ID: SUSE-RU-2023:1670-2
Rating: moderate
References:

  * #1202890

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one recommended fix can now be installed.

## Description:

This update for cpupower fixes the following issues:

  * Replace error with a warning if perf is unavailable (bsc#1202890)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1670=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1670=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * cpupower-5.14-150400.3.3.1
    * libcpupower0-5.14-150400.3.3.1
    * cpupower-debuginfo-5.14-150400.3.3.1
    * libcpupower0-debuginfo-5.14-150400.3.3.1
    * cpupower-debugsource-5.14-150400.3.3.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * cpupower-5.14-150400.3.3.1
    * libcpupower0-5.14-150400.3.3.1
    * cpupower-debuginfo-5.14-150400.3.3.1
    * libcpupower0-debuginfo-5.14-150400.3.3.1
    * cpupower-debugsource-5.14-150400.3.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1202890
From sle-updates at lists.suse.com Thu Apr 27 16:31:08 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:31:08 -0000
Subject: SUSE-RU-2023:1586-2: moderate: Recommended update for nfs-utils
Message-ID: <168261306813.21205.16367668310048060485@smelt2.suse.de>

# Recommended update for nfs-utils

Announcement ID: SUSE-RU-2023:1586-2
Rating: moderate
References:

  * #1200710
  * #1203746
  * #1206781
  * #1207022
  * #1207843

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has five recommended fixes can now be installed.

## Description:

This update for nfs-utils fixes the following issues:

  * Rename all drop-in options.conf files as 10-options.conf
    This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843)
  * Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
  * Add "-S scope" option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1586=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-1586=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * nfs-utils-debugsource-2.1.1-150100.10.32.1
    * nfs-kernel-server-debuginfo-2.1.1-150100.10.32.1
    * nfs-client-2.1.1-150100.10.32.1
    * nfs-kernel-server-2.1.1-150100.10.32.1
    * nfs-client-debuginfo-2.1.1-150100.10.32.1
    * nfs-utils-debuginfo-2.1.1-150100.10.32.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * nfs-utils-debugsource-2.1.1-150100.10.32.1
    * nfs-kernel-server-debuginfo-2.1.1-150100.10.32.1
    * nfs-client-2.1.1-150100.10.32.1
    * nfs-kernel-server-2.1.1-150100.10.32.1
    * nfs-client-debuginfo-2.1.1-150100.10.32.1
    * nfs-utils-debuginfo-2.1.1-150100.10.32.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1200710
  * https://bugzilla.suse.com/show_bug.cgi?id=1203746
  * https://bugzilla.suse.com/show_bug.cgi?id=1206781
  * https://bugzilla.suse.com/show_bug.cgi?id=1207022
  * https://bugzilla.suse.com/show_bug.cgi?id=1207843

From sle-updates at lists.suse.com Thu Apr 27 16:31:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:31:09 -0000
Subject: SUSE-RU-2023:0756-2: moderate: Recommended update for libappindicator
Message-ID: <168261306954.21205.2933552648547503462@smelt2.suse.de>

# Recommended update for libappindicator

Announcement ID: SUSE-RU-2023:0756-2
Rating: moderate
References:

  * #1207112

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one recommended fix can now be installed.
## Description:

This update for libappindicator fixes the following issues:

  * Provide compatibility symbol required by Slack RPM package (bsc#1207112)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-756=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-756=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1
    * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1
    * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1
    * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * libappindicator3-debugsource-12.10.1+bzr20170215-150200.3.3.1
    * libappindicator3-1-12.10.1+bzr20170215-150200.3.3.1
    * libappindicator3-1-debuginfo-12.10.1+bzr20170215-150200.3.3.1
    * typelib-1_0-AppIndicator3-0_1-12.10.1+bzr20170215-150200.3.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1207112

From sle-updates at lists.suse.com Thu Apr 27 16:31:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 27 Apr 2023 16:31:10 -0000
Subject: SUSE-RU-2023:0622-2: moderate: Recommended update for tcl
Message-ID: <168261307091.21205.10891358862265068835@smelt2.suse.de>

# Recommended update for tcl

Announcement ID: SUSE-RU-2023:0622-2
Rating: moderate
References:

  * #1206623

Affected Products:

  * SUSE Linux Enterprise Micro 5.4
  * SUSE Linux Enterprise Micro for Rancher 5.4

An update that has one recommended fix can now be installed.
## Description:

This update for tcl fixes the following issues:

  * Fix string compare -length on big endian and improve string equal on little endian. (bsc#1206623)

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-622=1

  * SUSE Linux Enterprise Micro 5.4
    zypper in -t patch SUSE-SLE-Micro-5.4-2023-622=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
    * tcl-8.6.12-150300.14.9.1
    * tcl-debuginfo-8.6.12-150300.14.9.1
    * tcl-debugsource-8.6.12-150300.14.9.1
  * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
    * tcl-8.6.12-150300.14.9.1
    * tcl-debuginfo-8.6.12-150300.14.9.1
    * tcl-debugsource-8.6.12-150300.14.9.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1206623

From sle-updates at lists.suse.com Fri Apr 28 07:06:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:06:12 +0200 (CEST)
Subject: SUSE-CU-2023:1305-1: Security update of suse/sles12sp4
Message-ID: <20230428070612.8F171F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1305-1
Container Tags : suse/sles12sp4:26.594 , suse/sles12sp4:latest
Container Release : 26.594
Severity : moderate
Type : security
References : 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sles12sp4 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2054-1
Released: Thu Apr 27 11:31:36 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following package changes have been done:

- base-container-licenses-3.0-1.344 updated
- container-suseconnect-2.0.0-1.227 updated
- libxml2-2-2.9.4-46.62.1 updated

From sle-updates at lists.suse.com Fri Apr 28 07:08:02 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:08:02 +0200 (CEST)
Subject: SUSE-CU-2023:1306-1: Security update of suse/sles12sp5
Message-ID: <20230428070802.18870F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1306-1
Container Tags : suse/sles12sp5:6.5.463 , suse/sles12sp5:latest
Container Release : 6.5.463
Severity : moderate
Type : security
References : 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2054-1
Released: Thu Apr 27 11:31:36 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following package changes have been done:

- libxml2-2-2.9.4-46.62.1 updated

From sle-updates at lists.suse.com Fri Apr 28 07:10:33 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:10:33 +0200 (CEST)
Subject: SUSE-CU-2023:1307-1: Security update of suse/sle15
Message-ID: <20230428071033.8941FF457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1307-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.760
Container Release : 6.2.760
Severity : important
Type : security
References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released: Wed Apr 26 21:05:45 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).
The following package changes have been done:

- libxml2-2-2.9.7-150000.3.57.1 updated

From sle-updates at lists.suse.com Fri Apr 28 07:12:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:12:27 +0200 (CEST)
Subject: SUSE-CU-2023:1308-1: Security update of suse/sle15
Message-ID: <20230428071227.91497F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1308-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.288
Container Release : 9.5.288
Severity : important
Type : security
References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released: Wed Apr 26 21:05:45 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).
The following package changes have been done:

- libxml2-2-2.9.7-150000.3.57.1 updated

From sle-updates at lists.suse.com Fri Apr 28 07:13:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:13:58 +0200 (CEST)
Subject: SUSE-CU-2023:1309-1: Security update of suse/sle15
Message-ID: <20230428071358.C8246F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1309-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.128 , suse/sle15:15.3 , suse/sle15:15.3.17.20.128
Container Release : 17.20.128
Severity : important
Type : security
References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released: Wed Apr 26 21:05:45 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).

The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).
The following package changes have been done:

- libxml2-2-2.9.7-150000.3.57.1 updated

From sle-updates at lists.suse.com Fri Apr 28 07:14:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:14:43 +0200 (CEST)
Subject: SUSE-CU-2023:1310-1: Security update of suse/389-ds
Message-ID: <20230428071443.C2AA3F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1310-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.18 , suse/389-ds:latest
Container Release : 21.18
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).
The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:15:30 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:15:30 +0200 (CEST)
Subject: SUSE-CU-2023:1311-1: Security update of bci/dotnet-aspnet
Message-ID: <20230428071530.56FA6F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1311-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.14 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.14
Container Release : 31.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).
The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:15:40 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:15:40 +0200 (CEST)
Subject: SUSE-CU-2023:1312-1: Security update of bci/dotnet-aspnet
Message-ID: <20230428071540.80EEEF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1312-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.14 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.14 , bci/dotnet-aspnet:latest
Container Release : 11.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:16:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:16:39 +0200 (CEST)
Subject: SUSE-CU-2023:1313-1: Security update of bci/dotnet-sdk
Message-ID: <20230428071639.8C48DF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1313-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.14 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.14
Container Release : 33.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:16:53 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:16:53 +0200 (CEST)
Subject: SUSE-CU-2023:1314-1: Security update of bci/dotnet-sdk
Message-ID: <20230428071653.25E4AF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1314-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.14 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.14 , bci/dotnet-sdk:latest
Container Release : 11.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:17:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:17:39 +0200 (CEST)
Subject: SUSE-CU-2023:1315-1: Security update of bci/dotnet-runtime
Message-ID: <20230428071739.5C95EF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1315-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.14 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.14
Container Release : 30.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:17:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:17:48 +0200 (CEST)
Subject: SUSE-CU-2023:1316-1: Security update of bci/dotnet-runtime
Message-ID: <20230428071748.04D77F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1316-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.14 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.14 , bci/dotnet-runtime:latest
Container Release : 11.14
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:18:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:18:20 +0200 (CEST)
Subject: SUSE-CU-2023:1317-1: Security update of bci/golang
Message-ID: <20230428071820.B5EFDF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1317-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-22.41
Container Release : 22.41
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:18:28 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:18:28 +0200 (CEST)
Subject: SUSE-CU-2023:1318-1: Security update of bci/golang
Message-ID: <20230428071828.2DA96F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1318-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.40 , bci/golang:latest
Container Release : 2.40
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:19:13 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:19:13 +0200 (CEST)
Subject: SUSE-CU-2023:1319-1: Security update of bci/bci-init
Message-ID: <20230428071913.58018F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1319-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.44 , bci/bci-init:latest
Container Release : 26.44
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:19:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:19:50 +0200 (CEST)
Subject: SUSE-CU-2023:1320-1: Security update of bci/nodejs
Message-ID: <20230428071950.76B5BF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1320-1
Container Tags : bci/node:16 , bci/node:16-15.42 , bci/nodejs:16 , bci/nodejs:16-15.42
Container Release : 15.42
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:20:01 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:20:01 +0200 (CEST)
Subject: SUSE-CU-2023:1321-1: Security update of bci/nodejs
Message-ID: <20230428072001.1AEF4F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1321-1
Container Tags : bci/node:18 , bci/node:18-3.41 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.41 , bci/nodejs:latest
Container Release : 3.41
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:21:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:21:03 +0200 (CEST)
Subject: SUSE-CU-2023:1322-1: Security update of bci/openjdk-devel
Message-ID: <20230428072103.18A9DF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1322-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.80
Container Release : 39.80
Severity : moderate
Type : security
References : 1209713 1209714 1209918 1210135 1210411 1210412 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released: Thu Apr 27 17:04:25 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- container:bci-openjdk-11-15.4.11-35.40 updated

From sle-updates at lists.suse.com Fri Apr 28 07:21:51 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:21:51 +0200 (CEST)
Subject: SUSE-CU-2023:1323-1: Security update of bci/openjdk
Message-ID: <20230428072151.D6866F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1323-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-35.41
Container Release : 35.41
Severity : moderate
Type : security
References : 1209713 1209714 1209918 1210135 1210411 1210412 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released: Thu Apr 27 17:04:25 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:22:23 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:22:23 +0200 (CEST)
Subject: SUSE-CU-2023:1324-1: Security update of bci/openjdk-devel
Message-ID: <20230428072223.0A1A6F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1324-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.78 , bci/openjdk-devel:latest
Container Release : 14.78
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:bci-openjdk-17-15.4.17-13.41 updated

From sle-updates at lists.suse.com Fri Apr 28 07:22:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:22:43 +0200 (CEST)
Subject: SUSE-CU-2023:1325-1: Security update of bci/openjdk
Message-ID: <20230428072243.47AEFF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1325-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-13.42 , bci/openjdk:latest
Container Release : 13.42
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:28:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:28:50 +0200 (CEST)
Subject: SUSE-CU-2023:1325-1: Security update of bci/openjdk
Message-ID: <20230428072850.0AF7EF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1325-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-13.42 , bci/openjdk:latest
Container Release : 13.42
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:29:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:29:45 +0200 (CEST)
Subject: SUSE-CU-2023:1326-1: Security update of suse/pcp
Message-ID: <20230428072945.8E79AF457@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1326-1
Container Tags : suse/pcp:5 , suse/pcp:5-14.27 , suse/pcp:5.2 , suse/pcp:5.2-14.27 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.27 , suse/pcp:latest
Container Release : 14.27
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/pcp was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:bci-bci-init-15.4-15.4-26.44 updated

From sle-updates at lists.suse.com Fri Apr 28 07:29:52 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:29:52 +0200 (CEST)
Subject: SUSE-CU-2023:1327-1: Security update of bci/php-apache
Message-ID: <20230428072952.2510EF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1327-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-2.39
Container Release : 2.39
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/php-apache was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:29:58 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:29:58 +0200 (CEST)
Subject: SUSE-CU-2023:1328-1: Security update of bci/php-fpm
Message-ID: <20230428072958.80E14F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1328-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.38
Container Release : 2.38
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/php-fpm was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:30:05 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:30:05 +0200 (CEST)
Subject: SUSE-CU-2023:1329-1: Security update of bci/php
Message-ID: <20230428073005.E45C0F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1329-1
Container Tags : bci/php:8 , bci/php:8-2.38
Container Release : 2.38
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container bci/php was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Fri Apr 28 07:30:09 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 28 Apr 2023 09:30:09 +0200 (CEST)
Subject: SUSE-CU-2023:1330-1: Security update of suse/postgres
Message-ID: <20230428073009.0F5C8F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1330-1
Container Tags : suse/postgres:14 , suse/postgres:14-20.15 , suse/postgres:14.7 , suse/postgres:14.7-20.15
Container Release : 20.15
Severity : moderate
Type : security
References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/postgres was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:30:10 +0200 (CEST) Subject: SUSE-CU-2023:1331-1: Security update of suse/postgres Message-ID: <20230428073010.D1C53F457@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1331-1 Container Tags : suse/postgres:15 , suse/postgres:15-4.16 , suse/postgres:15.2 , suse/postgres:15.2-4.16 , suse/postgres:latest Container Release : 4.16 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:30:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:30:53 +0200 (CEST) Subject: SUSE-CU-2023:1332-1: Security update of bci/python Message-ID: <20230428073053.74052F457@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1332-1 Container Tags : bci/python:3 , bci/python:3-12.38 , bci/python:3.10 , bci/python:3.10-12.38 , bci/python:latest Container Release : 12.38 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:31:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:31:38 +0200 (CEST) Subject: SUSE-CU-2023:1333-1: Security update of bci/python Message-ID: <20230428073138.ACC31F457@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1333-1 Container Tags : bci/python:3 , bci/python:3-35.38 , bci/python:3.6 , bci/python:3.6-35.38 Container Release : 35.38 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:32:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:32:19 +0200 (CEST) Subject: SUSE-CU-2023:1334-1: Security update of bci/ruby Message-ID: <20230428073219.94925F457@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1334-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.37 , bci/ruby:2.5 , bci/ruby:2.5-34.37 , bci/ruby:latest Container Release : 34.37 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:32:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:32:29 +0200 (CEST) Subject: SUSE-CU-2023:1335-1: Security update of bci/rust Message-ID: <20230428073229.3DE27F457@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1335-1 Container Tags : bci/rust:1.67 , bci/rust:1.67-4.13 Container Release : 4.13 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:32:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:32:31 +0200 (CEST) Subject: SUSE-CU-2023:1336-1: Security update of bci/rust Message-ID: <20230428073231.84C16F457@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1336-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-2.13 , bci/rust:latest Container Release : 2.13 Severity : moderate Type : security References : 1209918 1210411 1210412 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
The following package changes have been done: - libxml2-2-2.9.14-150400.5.16.1 updated - container:sles15-image-15.0.0-27.14.55 updated From sle-updates at lists.suse.com Fri Apr 28 07:33:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:33:05 +0200 (CEST) Subject: SUSE-CU-2023:1337-1: Security update of suse/sle15 Message-ID: <20230428073305.ACCE8F457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1337-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.55 , suse/sle15:15.4 , suse/sle15:15.4.27.14.55 Container Release : 27.14.55 Severity : moderate Type : security References : 1209713 1209714 1209918 1210135 1210411 1210412 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated From sle-updates at lists.suse.com Fri Apr 28 07:33:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:33:35 +0200 (CEST) Subject: SUSE-CU-2023:1338-1: Security update of caasp/v4/helm-tiller Message-ID: <20230428073335.144FFF457@maintenance.suse.de> SUSE Container Update Advisory: caasp/v4/helm-tiller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1338-1 Container Tags : caasp/v4/helm-tiller:2.16.12 , caasp/v4/helm-tiller:2.16.12-rev3 , caasp/v4/helm-tiller:2.16.12-rev3-build3.12.472 Container Release : 3.12.472 Severity : critical Type : security References : 1040589 1065270 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1148309 1159635 1160285 1162964 1172113 1172427 1173277 1174075 1174911 1178233 1180065 1180689 1180995 1181475 1181826 1182959 1184501 1185637 1187512 1187906 1189152 1189282 1189802 1190447 1190926 1191157 1191502 1192951 1193007 1193489 1193625 1193659 1193759 1193805 1193841 1194038 1194229 1194550 1194597 1194640 1194642 1194768 1194770 1194848 1194883 1194898 1195149 1195258 1195283 1195326 1195468 1195529 1195560 1195628 1195654 1195773 1195792 1195856 1195899 1195999 
1196036 1196061 1196093 1196107 1196167 1196275 1196317 1196368 1196406 1196490 1196514 1196840 1196861 1196877 1196925 1196939 1197004 1197004 1197024 1197065 1197134 1197178 1197443 1197459 1197684 1197771 1197794 1198062 1198341 1198446 1198627 1198731 1198752 1198925 1199042 1199132 1199132 1199140 1199166 1199223 1199224 1199232 1199240 1199492 1199895 1199918 1199926 1199927 1199944 1200170 1200528 1200550 1200735 1200737 1200800 1200842 1200993 1201092 1201099 1201225 1201576 1201638 1201680 1201783 1201959 1201972 1201978 1202020 1202175 1202593 1203248 1203249 1203649 1203652 1203652 1203715 1204357 1204366 1204367 1204383 1204548 1204585 1204585 1204690 1204956 1205126 1205570 1205636 1205646 1206337 1206412 1206469 1206579 1206949 1207533 1207534 1207536 1209624 1209873 1209878 1210096 1210411 1210412 CVE-2015-8985 CVE-2016-3709 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-19906 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2020-29362 CVE-2021-22570 CVE-2021-3541 CVE-2021-36690 CVE-2021-3999 CVE-2021-4209 CVE-2021-46828 CVE-2021-46848 CVE-2022-0778 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-1996 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23525 CVE-2022-24407 CVE-2022-2509 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-4304 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container caasp/v4/helm-tiller was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:337-1 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1194597,1194898 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:473-1 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). 
- enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. 
(bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:823-1 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This 
update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. 
Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don't set interface for NTP responses to allow asymmetric routing - Handle RTCs that don't support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x 
clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. 
Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: 
SUSE-SU-2022:853-1 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1196877,CVE-2022-0778 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable. This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. 
(bsc#1172427)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1131-1
Released: Fri Apr 8 09:43:53 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:
- Harden package signature checks (bsc#1184501).

libsolv to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271

This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939

This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107

This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstdc++6 package to keep those at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1452-1
Released: Thu Apr 28 10:48:06 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489

This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794

This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771

This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443

This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters.
(bsc#1197443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1832-1
Released: Tue May 24 11:52:33 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1191157,1197004,1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589

This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2068-1
Released: Tue Jun 14 10:14:47 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,CVE-2022-1292

This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2179-1
Released: Fri Jun 24 14:05:25 2022
Summary: Security update for openssl
Type: security
Severity: moderate
References: 1200550,CVE-2022-2068

This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2311-1
Released: Wed Jul 6 15:16:17 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586

This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2471-1
Released: Thu Jul 21 04:42:58 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1148309,1191502,1195529,1200170

This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- basic/env-util: Allow newlines in values of environment variables
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309)
- shared/install: fix error codes returned by install_context_apply()
- shared/install: ignore failures for auxiliary files
- systemctl: suppress enable/disable messages when `-q` is given
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2571-1
Released: Thu Jul 28 04:20:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042

This update for
libzypp, zypper fixes the following issues:

libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458

This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2829-1
Released: Wed Aug 17 13:33:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2830-1
Released: Wed Aug 17 14:36:26 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509

This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2905-1
Released: Fri Aug 26 05:30:33 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341

This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475

This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434

This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2991-1
Released: Thu Sep 1 16:04:30 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1198752,1200800,1201680,CVE-2021-46828

This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3129-1
Released: Wed Sep 7 04:42:53 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842

This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3144-1
Released: Wed Sep 7 11:04:23 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3221-1
Released: Fri Sep 9 04:31:28 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638

This update for libzypp, zypper fixes the following issues:

libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code.
  First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.

zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140

This update for gcc11 ships some missing 32bit libraries for s390x.
(bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:

This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3549-1
Released: Fri Oct 7 14:39:40 2022
Summary: Security update for cyrus-sasl
Type: security
Severity: important
References: 1159635,CVE-2019-19906

This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3566-1
Released: Tue Oct 11 16:19:09 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: critical
References: 1189282,1201972,1203649

This update for libzypp, zypper fixes the following issues:

libzypp:
- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

zypper:
- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specific directory '/usr/etc/logrotate.d' if so defined

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3683-1
Released: Fri Oct 21 11:48:39 2022
Summary: Security update for libksba
Type: security
Severity: critical
References: 1204357,CVE-2022-3515

This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3774-1
Released: Wed Oct 26 12:21:09 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252

This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Type: security
Severity: critical
References: 1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released: Fri Nov 4 13:26:29 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3882-1
Released: Mon Nov 7 09:06:03 2022
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1180995

This update for openssl-1_1 fixes the following issues:
- FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode.
(bsc#1180995)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3905-1
Released: Tue Nov 8 12:23:17 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: important
References: 1196840,1199492,1199918,1199926,1199927

This update for aaa_base and iputils fixes the following issues:

aaa_base:
- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)

iputils:
- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:

This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released: Mon Nov 14 07:33:50 2022
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:
- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3975-1
Released: Mon Nov 14 15:41:13 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1201959

This update for util-linux fixes the following issues:
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Type: security
Severity: low
References: 1199944,CVE-2022-1664

This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4155-1
Released: Mon Nov 21 14:36:17 2022
Summary: Security update for krb5
Type: security
Severity: important
References: 1205126,CVE-2022-42898

This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412

This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:308-1
Released: Tue Feb 7 17:33:37 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the
following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:446-1
Released: Fri Feb 17 09:52:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:676-1
Released: Wed Mar 8 14:33:23 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:
- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:

This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.

This update ships the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:787-1
Released: Thu Mar 16 19:37:18 2023
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:
- Avoid calling getsockopt when we know the info already.
  This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid displaying superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1748-1 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1825-1 Released: Wed Apr 12 15:39:59 2023 Summary: Security update for helm Type: security Severity: low References: 1206469,CVE-2022-23525 This update for helm fixes the following issues: - CVE-2022-23525: Fixed denial of service through repository index file (bsc#1206469). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1908-1 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1991-1 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1160285,1210096 This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2002-1 Released: Tue Apr 25 18:03:34 2023 Summary: Security update for helm Type: security Severity: critical References: 1200528,CVE-2022-1996 This update for helm fixes the following issues: - CVE-2022-1996: Fixed a bug that could lead to CORS bypass in go-restful. (bsc#1200528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - gpg2-2.2.5-150000.4.22.1 updated - grep-3.1-150000.4.6.1 updated - helm-2.16.12-150100.3.17.1 updated - krb5-1.16.3-150100.3.27.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.33.2-150100.4.32.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcurl4-7.60.0-150000.38.1 updated - libfdisk1-2.33.2-150100.4.32.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated - libksba8-1.3.5-150000.4.6.1 updated - libldap-2_4-2-2.4.46-150000.9.74.3 updated - libldap-data-2.4.46-150000.9.74.3 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.32.1 updated - libncurses6-6.1-150000.5.12.1 updated - libopenssl1_1-1.1.0i-150100.14.48.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libprocps7-3.3.15-150000.7.28.1 updated - libprotobuf-lite15-3.5.0-5.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libsasl2-3-2.1.26-150000.5.13.1 updated - libsmartcols1-2.33.2-150100.4.32.1 updated - libsolv-tools-0.7.23-150100.4.9.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libsystemd0-234-150000.24.111.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libtirpc-netconfig-1.0.2-150000.3.18.1 updated - libtirpc3-1.0.2-150000.3.18.1 updated - libudev1-234-150000.24.111.1 updated - libusb-1_0-0-1.0.21-150000.3.5.1 updated - libuuid1-2.33.2-150100.4.32.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.39.1 updated - libzypp-17.31.8-150100.3.92.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - openssl-1_1-1.1.0i-150100.14.48.1 added - openssl-1.1.0i-3.3.1 added - 
pam-1.3.0-150000.6.61.1 updated - perl-base-5.26.1-150000.7.15.1 updated - permissions-20181116-150100.9.41.1 updated - procps-3.3.15-150000.7.28.1 updated - terminfo-base-6.1-150000.5.12.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-2.33.2-150100.4.32.1 updated - zypper-1.14.59-150100.3.67.2 updated - container:sles15-image-15.0.0-6.2.760 updated From sle-updates at lists.suse.com Fri Apr 28 07:34:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:34:03 +0200 (CEST) Subject: SUSE-CU-2023:1339-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230428073403.3D01EF457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1339-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.380 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.380 Severity : important Type : security References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . The following package changes have been done: - libxml2-2-2.9.7-150000.3.57.1 updated - container:sles15-image-15.0.0-17.20.128 updated From sle-updates at lists.suse.com Fri Apr 28 07:35:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 09:35:32 +0200 (CEST) Subject: SUSE-CU-2023:1341-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230428073532.CFCB0F457@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1341-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.202 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.202 Severity : important Type : security References : 1065270 1199132 1204585 1210411 1210412 CVE-2021-3541 CVE-2022-29824 CVE-2023-28484 CVE-2023-29469 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . The following package changes have been done: - libxml2-2-2.9.7-150000.3.57.1 updated - container:sles15-image-15.0.0-17.20.128 updated From sle-updates at lists.suse.com Fri Apr 28 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 08:30:02 -0000 Subject: SUSE-RU-2023:1298-2: important: Recommended update for ndctl Message-ID: <168267060212.27380.9176643650171598755@smelt2.suse.de> # Recommended update for ndctl Announcement ID: SUSE-RU-2023:1298-2 Rating: important References: * #1208548 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for ndctl fixes the following issues: * Fix parsing of environment variable NDCTL_TIMEOUT (bsc#1208548) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1298=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1298=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * ndctl-debugsource-71.1-150400.10.3.1 * ndctl-debuginfo-71.1-150400.10.3.1 * libndctl6-71.1-150400.10.3.1 * libndctl6-debuginfo-71.1-150400.10.3.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * ndctl-debugsource-71.1-150400.10.3.1 * ndctl-debuginfo-71.1-150400.10.3.1 * libndctl6-71.1-150400.10.3.1 * libndctl6-debuginfo-71.1-150400.10.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208548
From sle-updates at lists.suse.com Fri Apr 28 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 08:30:06 -0000 Subject: SUSE-RU-2023:1668-2: moderate: Recommended update for firewalld Message-ID: <168267060612.27380.4533488503973082214@smelt2.suse.de> # Recommended update for firewalld Announcement ID: SUSE-RU-2023:1668-2 Rating: moderate References: * #1206928 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for firewalld fixes the following issues: * Fix `firewall-offline-cmd` command failing with error (bsc#1206928) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1668=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-1668=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-firewall-0.9.3-150400.8.9.1 * firewalld-0.9.3-150400.8.9.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-firewall-0.9.3-150400.8.9.1 * firewalld-0.9.3-150400.8.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206928
From sle-updates at lists.suse.com Fri Apr 28 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 08:30:07 -0000 Subject: SUSE-RU-2023:0714-2: important: Recommended update for rpm Message-ID: <168267060747.27380.8656838529049110670@smelt2.suse.de> # Recommended update for rpm Announcement ID: SUSE-RU-2023:0714-2 Rating: important References: * #1207294 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one recommended fix can now be installed. ## Description: This update for rpm fixes the following issues: * Fix missing python(abi) for 3.XX versions (bsc#1207294) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-714=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-714=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python-rpm-debugsource-4.14.3-150300.55.1 * rpm-4.14.3-150300.55.1 * rpm-ndb-4.14.3-150300.55.1 * rpm-ndb-debugsource-4.14.3-150300.55.1 * python3-rpm-4.14.3-150300.55.1 * python3-rpm-debuginfo-4.14.3-150300.55.1 * rpm-debugsource-4.14.3-150300.55.1 * rpm-ndb-debuginfo-4.14.3-150300.55.1 * rpm-debuginfo-4.14.3-150300.55.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207294
From sle-updates at lists.suse.com Fri Apr 28 14:01:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:03 -0000 Subject: SUSE-SU-2023:2070-1: moderate: Security update for shadow Message-ID: <168269046384.9446.4500142865893962535@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:2070-1 Rating: moderate References: * #1210507 Cross-References: * CVE-2023-29383 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2070=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2070=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2070=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2070=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2070=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2070=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2070=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2070=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2070=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2070=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2070=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2070=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) *
login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Manager Proxy 4.2 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Manager Proxy 4.2 (x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Manager Server 4.2 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Enterprise Storage 7.1 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x 
x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * login_defs-4.8.1-150300.4.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * shadow-4.8.1-150300.4.6.1 * shadow-debuginfo-4.8.1-150300.4.6.1 * shadow-debugsource-4.8.1-150300.4.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://bugzilla.suse.com/show_bug.cgi?id=1210507 From sle-updates at lists.suse.com Fri Apr 28 14:01:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:05 -0000 Subject: SUSE-SU-2023:2069-1: moderate: Security update for shadow Message-ID: <168269046589.9446.16984927242837317015@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:2069-1 Rating: moderate References: * #1210507 Cross-References: * CVE-2023-29383 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2069=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2069=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2069=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2069=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2069=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2069=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * shadow-4.2.1-27.22.1 * shadow-debugsource-4.2.1-27.22.1 * shadow-debuginfo-4.2.1-27.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://bugzilla.suse.com/show_bug.cgi?id=1210507
From sle-updates at lists.suse.com Fri Apr 28 14:01:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:07 -0000 Subject: SUSE-SU-2023:2068-1: moderate: Security update for shadow Message-ID: <168269046786.9446.5087439962503839527@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:2068-1 Rating: moderate References: * #1210507 Cross-References: * CVE-2023-29383 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2068=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2068=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2068=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2068=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2068=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2068=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2068=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 * SUSE CaaS Platform 4.0 (x86_64) * shadow-debugsource-4.6-150100.3.8.1 * shadow-debuginfo-4.6-150100.3.8.1 * shadow-4.6-150100.3.8.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://bugzilla.suse.com/show_bug.cgi?id=1210507
From sle-updates at lists.suse.com Fri Apr 28 14:01:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:10 -0000 Subject: SUSE-SU-2023:2067-1: moderate: Security update for shadow Message-ID: <168269047077.9446.3316059726366516307@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:2067-1 Rating: moderate References: * #1210507 Cross-References: * CVE-2023-29383 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2067=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2067=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2067=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * shadow-debuginfo-4.2.1-36.3.1 * shadow-debugsource-4.2.1-36.3.1 * shadow-4.2.1-36.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * shadow-debuginfo-4.2.1-36.3.1 * shadow-debugsource-4.2.1-36.3.1 * shadow-4.2.1-36.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * shadow-debuginfo-4.2.1-36.3.1 * shadow-debugsource-4.2.1-36.3.1 * shadow-4.2.1-36.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://bugzilla.suse.com/show_bug.cgi?id=1210507
From sle-updates at lists.suse.com Fri Apr 28 14:01:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:12 -0000 Subject: SUSE-SU-2023:2066-1: moderate: Security update for shadow Message-ID: <168269047299.9446.4250088532708334644@smelt2.suse.de> # Security update for shadow Announcement ID: SUSE-SU-2023:2066-1 Rating: moderate References: * #1210507 Cross-References: * CVE-2023-29383 CVSS scores: * CVE-2023-29383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-29383 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2066=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2066=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2066=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2066=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2066=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * login_defs-4.8.1-150400.10.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * shadow-debugsource-4.8.1-150400.10.6.1 * shadow-debuginfo-4.8.1-150400.10.6.1 * shadow-4.8.1-150400.10.6.1 * openSUSE Leap 15.4 (noarch) * login_defs-4.8.1-150400.10.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.8.1-150400.10.6.1 * shadow-debuginfo-4.8.1-150400.10.6.1 * shadow-4.8.1-150400.10.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * login_defs-4.8.1-150400.10.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.10.6.1 * shadow-debuginfo-4.8.1-150400.10.6.1 * shadow-4.8.1-150400.10.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * login_defs-4.8.1-150400.10.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * shadow-debugsource-4.8.1-150400.10.6.1 * shadow-debuginfo-4.8.1-150400.10.6.1 * shadow-4.8.1-150400.10.6.1 * Basesystem Module 15-SP4 (noarch) * login_defs-4.8.1-150400.10.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * shadow-debugsource-4.8.1-150400.10.6.1 * shadow-debuginfo-4.8.1-150400.10.6.1 * shadow-4.8.1-150400.10.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29383.html * https://bugzilla.suse.com/show_bug.cgi?id=1210507 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 28 14:01:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:15 -0000 Subject: SUSE-SU-2023:2065-1: important: Security update for webkit2gtk3 Message-ID: <168269047521.9446.9899129973667203400@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2065-1 Rating: important References: * #1210295 * #1210731 Cross-References: * CVE-2022-0108 * CVE-2022-32885 * CVE-2022-32886 * CVE-2022-32912 * CVE-2023-25358 * CVE-2023-25360 * CVE-2023-25361 * CVE-2023-25362 * CVE-2023-25363 * CVE-2023-27932 * CVE-2023-27954 * CVE-2023-28205 CVSS scores: * CVE-2022-0108 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-32886 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32886 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-32912 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25358 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25358 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25360 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25360 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25361 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25361 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25362 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25362 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25363 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-25363 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28205 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-28205 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * 
Desktop Applications Module 15-SP4 * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 12 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 (bsc#1210731): * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. * CVE-2023-27932: Fixed Same Origin Policy bypass. * CVE-2023-27954: Fixed sensitive user information tracking. * CVE-2023-28205: Fixed arbitrary code execution (bsc#1210295). Already fixed in version 2.38.5: * CVE-2022-32886, CVE-2022-32912, CVE-2023-25360, CVE-2023-25361, CVE-2023-25362, CVE-2023-25363. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2065=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2065=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2065=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2065=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKit2GTK-5.0-lang-2.38.6-150400.4.39.1 * WebKit2GTK-4.1-lang-2.38.6-150400.4.39.1 * WebKit2GTK-4.0-lang-2.38.6-150400.4.39.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-soup2-minibrowser-debuginfo-2.38.6-150400.4.39.1 * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.39.1 * libwebkit2gtk-4_1-0-2.38.6-150400.4.39.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk4-minibrowser-debuginfo-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk3-debugsource-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.39.1 * webkit-jsc-5.0-2.38.6-150400.4.39.1 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.39.1 * webkit2gtk4-debugsource-2.38.6-150400.4.39.1 * webkit-jsc-4-debuginfo-2.38.6-150400.4.39.1 * webkit-jsc-4-2.38.6-150400.4.39.1 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.39.1 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.39.1 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.39.1 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 * webkit-jsc-4.1-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.39.1 * webkit-jsc-4.1-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk4-devel-2.38.6-150400.4.39.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.39.1 * 
libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1 * webkit2gtk3-devel-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1 * webkit-jsc-5.0-debuginfo-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 * libwebkit2gtk-5_0-0-2.38.6-150400.4.39.1 * webkit2gtk3-minibrowser-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk3-soup2-minibrowser-2.38.6-150400.4.39.1 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.39.1 * webkit2gtk4-minibrowser-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.39.1 * webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2WebExtension-5_0-2.38.6-150400.4.39.1 * libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk3-minibrowser-2.38.6-150400.4.39.1 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.38.6-150400.4.39.1 * libwebkit2gtk-4_0-37-32bit-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.6-150400.4.39.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-32bit-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.39.1 * libwebkit2gtk-4_1-0-32bit-2.38.6-150400.4.39.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.39.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 * webkit2gtk3-soup2-devel-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.39.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.39.1 * 
libwebkit2gtk-4_0-37-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.39.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.39.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_1-0-2.38.6-150400.4.39.1 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.39.1 * webkit2gtk3-devel-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.39.1 * webkit2gtk3-debugsource-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.39.1 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.39.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.39.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.39.1 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.39.1 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.39.1 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.39.1 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.39.1 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 * libwebkit2gtk-5_0-0-2.38.6-150400.4.39.1 * webkit2gtk4-debugsource-2.38.6-150400.4.39.1 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.39.1 ## References: * https://www.suse.com/security/cve/CVE-2022-0108.html * https://www.suse.com/security/cve/CVE-2022-32885.html * https://www.suse.com/security/cve/CVE-2022-32886.html * https://www.suse.com/security/cve/CVE-2022-32912.html * https://www.suse.com/security/cve/CVE-2023-25358.html * https://www.suse.com/security/cve/CVE-2023-25360.html * https://www.suse.com/security/cve/CVE-2023-25361.html * https://www.suse.com/security/cve/CVE-2023-25362.html * https://www.suse.com/security/cve/CVE-2023-25363.html * https://www.suse.com/security/cve/CVE-2023-27932.html * https://www.suse.com/security/cve/CVE-2023-27954.html * 
https://www.suse.com/security/cve/CVE-2023-28205.html * https://bugzilla.suse.com/show_bug.cgi?id=1210295 * https://bugzilla.suse.com/show_bug.cgi?id=1210731 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Apr 28 14:01:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:18 -0000 Subject: SUSE-SU-2023:2064-1: important: Security update for MozillaThunderbird Message-ID: <168269047870.9446.6193619954676152439@smelt2.suse.de> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2023:2064-1 Rating: important References: * #1210212 Cross-References: * CVE-2023-0547 * CVE-2023-1945 * CVE-2023-1999 * CVE-2023-29479 * CVE-2023-29531 * CVE-2023-29532 * CVE-2023-29533 * CVE-2023-29535 * CVE-2023-29536 * CVE-2023-29539 * CVE-2023-29541 * CVE-2023-29542 * CVE-2023-29545 * CVE-2023-29548 * CVE-2023-29550 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves 15 vulnerabilities can now be installed. 
## Description: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 102.10.1 (MFSA 2023-15) (bsc#1210212): Security fixes: * CVE-2023-29531: Out-of-bound memory access in WebGL on macOS (bmo#1794292) * CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass (bmo#1806394) * CVE-2023-29533: Fullscreen notification obscured (bmo#1798219, bmo#1814597) * CVE-2023-1999: Double-free in libwebp (bmo#1819244) * CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction (bmo#1820543) * CVE-2023-29536: Invalid free from JavaScript code (bmo#1821959) * CVE-2023-0547: Revocation status of S/Mime recipient certificates was not checked (bmo#1811298) * CVE-2023-29479: Hang when processing certain OpenPGP messages (bmo#1824978) * CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download (bmo#1784348) * CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux (bmo#1810191) * CVE-2023-29542: Bypass of file download extension restrictions (bmo#1810793, bmo#1815062) * CVE-2023-29545: Windows Save As dialog resolved environment variables (bmo#1823077) * CVE-2023-1945: Memory Corruption in Safe Browsing Code (bmo#1777588) * CVE-2023-29548: Incorrect optimization result on ARM64 (bmo#1822754) * CVE-2023-29550: Memory safety bugs fixed in Thunderbird 102.10 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, bmo#1824828) Other fixes: * fixed: Messages with missing or corrupt "From:" header did not display message header buttons (bmo#1793918) * fixed: Composer repeatedly prompted for S/MIME smartcard signing/encryption password (bmo#1828366) * fixed: Address Book integration did not work with macOS 11.4 Big Sur (bmo#1720257) * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug 1826146) was incomplete (bmo#1827503) * changed: New messages will automatically
select S/MIME if configured and OpenPGP is not (bmo#1793278) * fixed: Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time (bmo#1826146) * fixed: Security fixes ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2064=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2064=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2064=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaThunderbird-debugsource-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-other-102.10.1-150200.8.113.2 * MozillaThunderbird-debuginfo-102.10.1-150200.8.113.2 * MozillaThunderbird-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-common-102.10.1-150200.8.113.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x) * MozillaThunderbird-debugsource-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-other-102.10.1-150200.8.113.2 * MozillaThunderbird-debuginfo-102.10.1-150200.8.113.2 * MozillaThunderbird-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-common-102.10.1-150200.8.113.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * MozillaThunderbird-debugsource-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-other-102.10.1-150200.8.113.2 * MozillaThunderbird-debuginfo-102.10.1-150200.8.113.2 * MozillaThunderbird-102.10.1-150200.8.113.2 * MozillaThunderbird-translations-common-102.10.1-150200.8.113.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0547.html * https://www.suse.com/security/cve/CVE-2023-1945.html * https://www.suse.com/security/cve/CVE-2023-1999.html * https://www.suse.com/security/cve/CVE-2023-29479.html * 
https://www.suse.com/security/cve/CVE-2023-29531.html * https://www.suse.com/security/cve/CVE-2023-29532.html * https://www.suse.com/security/cve/CVE-2023-29533.html * https://www.suse.com/security/cve/CVE-2023-29535.html * https://www.suse.com/security/cve/CVE-2023-29536.html * https://www.suse.com/security/cve/CVE-2023-29539.html * https://www.suse.com/security/cve/CVE-2023-29541.html * https://www.suse.com/security/cve/CVE-2023-29542.html * https://www.suse.com/security/cve/CVE-2023-29545.html * https://www.suse.com/security/cve/CVE-2023-29548.html * https://www.suse.com/security/cve/CVE-2023-29550.html * https://bugzilla.suse.com/show_bug.cgi?id=1210212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Apr 28 14:01:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:24 -0000 Subject: SUSE-RU-2023:2063-1: moderate: Recommended update for davfs2 Message-ID: <168269048434.9446.2180108677180702624@smelt2.suse.de> # Recommended update for davfs2 Announcement ID: SUSE-RU-2023:2063-1 Rating: moderate References: * #1188967 * #1198576 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * 
SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for davfs2 fixes the following issues: * Do not download the update_cache_file on each lookup. It is enough to get the latest file size when a file is not open or not dirty to detect if it has been changed on the server, so next FUSE read will have the correct size. (bsc#1198576, bsc#1188967). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2063=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2063=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2063=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2063=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2063=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2063=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2063=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2063=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2063=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2063=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2063=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2063=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2063=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2063=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2063=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2063=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2063=1 * SUSE Enterprise
Storage 7 zypper in -t patch SUSE-Storage-7-2023-2063=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 
ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Manager Proxy 4.2 (x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 * SUSE CaaS Platform 4.0 (x86_64) * davfs2-debugsource-1.5.4-150000.3.11.1 * davfs2-1.5.4-150000.3.11.1 * davfs2-debuginfo-1.5.4-150000.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1188967 * https://bugzilla.suse.com/show_bug.cgi?id=1198576 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From sle-updates at lists.suse.com Fri Apr 28 14:01:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 14:01:26 -0000 Subject: SUSE-SU-2023:2062-1: moderate: Security update for git Message-ID: <168269048617.9446.15482318160310158993@smelt2.suse.de> # Security update for git Announcement ID: SUSE-SU-2023:2062-1 Rating: moderate References: * #1210686 Cross-References: * CVE-2023-25652 * CVE-2023-25815 * CVE-2023-29007 CVSS scores: * CVE-2023-25652 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-25652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-25815 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-25815 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2023-29007 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L * CVE-2023-29007 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves three vulnerabilities can now be installed. ## Description: This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). 
* CVE-2023-25815: Fixed malicious placement of crafted message (bsc#1210686). * CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2062=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2062=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2062=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2062=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2062=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2062=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2062=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2062=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2062=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2062=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2062=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2062=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * git-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * SUSE OpenStack Cloud 8 (x86_64) * git-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * SUSE OpenStack Cloud 9 (x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 *
git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-svn-debuginfo-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-arch-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch) * git-doc-2.26.2-27.69.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * git-doc-2.26.2-27.69.1 * SUSE Linux Enterprise Server 12 
SP4 ESPOS 12-SP4 (aarch64 x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * git-cvs-2.26.2-27.69.1 * git-daemon-2.26.2-27.69.1 * git-debugsource-2.26.2-27.69.1 * gitk-2.26.2-27.69.1 * git-core-2.26.2-27.69.1 * git-email-2.26.2-27.69.1 * git-gui-2.26.2-27.69.1 * git-daemon-debuginfo-2.26.2-27.69.1 * git-2.26.2-27.69.1 * git-web-2.26.2-27.69.1 * git-core-debuginfo-2.26.2-27.69.1 * git-svn-2.26.2-27.69.1 ## 
References: * https://www.suse.com/security/cve/CVE-2023-25652.html * https://www.suse.com/security/cve/CVE-2023-25815.html * https://www.suse.com/security/cve/CVE-2023-29007.html * https://bugzilla.suse.com/show_bug.cgi?id=1210686 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Apr 28 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 28 Apr 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2076-1: moderate: Security update for glib2 Message-ID: <168269940401.25368.5834203393098714738@smelt2.suse.de> # Security update for glib2 Announcement ID: SUSE-SU-2023:2076-1 Rating: moderate References: * #1209713 * #1209714 * #1210135 Cross-References: * CVE-2023-24593 * CVE-2023-25180 CVSS scores: * CVE-2023-24593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25180 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for glib2 fixes the following issues: * CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). * CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: * Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-2076=1
* SUSE Linux Enterprise Real Time 15 SP3
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2076=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2076=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2076=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2076=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libgio-fam-2.62.6-150200.3.15.1
  * glib2-tests-debuginfo-2.62.6-150200.3.15.1
  * libgio-fam-debuginfo-2.62.6-150200.3.15.1
  * glib2-tests-2.62.6-150200.3.15.1
* openSUSE Leap 15.4 (x86_64)
  * libgio-fam-32bit-debuginfo-2.62.6-150200.3.15.1
  * libgio-fam-32bit-2.62.6-150200.3.15.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
  * libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.15.1
  * libgthread-2_0-0-2.62.6-150200.3.15.1
  * libgobject-2_0-0-32bit-2.62.6-150200.3.15.1
  * glib2-devel-2.62.6-150200.3.15.1
  * libglib-2_0-0-32bit-2.62.6-150200.3.15.1
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-debuginfo-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.15.1
  * libgio-2_0-0-2.62.6-150200.3.15.1
  * libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-32bit-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-2.62.6-150200.3.15.1
  * libgio-2_0-0-32bit-2.62.6-150200.3.15.1
  * glib2-devel-debuginfo-2.62.6-150200.3.15.1
  * libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.15.1
  * libgthread-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * glib2-debugsource-2.62.6-150200.3.15.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgobject-2_0-0-2.62.6-150200.3.15.1
  * glib2-tools-2.62.6-150200.3.15.1
  * libglib-2_0-0-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.15.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
  * glib2-lang-2.62.6-150200.3.15.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-2.62.6-150200.3.15.1
  * libglib-2_0-0-2.62.6-150200.3.15.1
  * glib2-debugsource-2.62.6-150200.3.15.1
  * libgio-2_0-0-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgobject-2_0-0-2.62.6-150200.3.15.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-2.62.6-150200.3.15.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-2.62.6-150200.3.15.1
  * libglib-2_0-0-2.62.6-150200.3.15.1
  * glib2-debugsource-2.62.6-150200.3.15.1
  * libgio-2_0-0-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgobject-2_0-0-2.62.6-150200.3.15.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-2.62.6-150200.3.15.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-debuginfo-2.62.6-150200.3.15.1
  * glib2-tools-2.62.6-150200.3.15.1
  * libglib-2_0-0-2.62.6-150200.3.15.1
  * glib2-debugsource-2.62.6-150200.3.15.1
  * libgio-2_0-0-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgobject-2_0-0-2.62.6-150200.3.15.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.15.1
  * libgmodule-2_0-0-2.62.6-150200.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2023-24593.html
* https://www.suse.com/security/cve/CVE-2023-25180.html
* https://bugzilla.suse.com/show_bug.cgi?id=1209713
* https://bugzilla.suse.com/show_bug.cgi?id=1209714
* https://bugzilla.suse.com/show_bug.cgi?id=1210135

From sle-updates at lists.suse.com Sat Apr 29 07:02:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:02:44 +0200 (CEST)
Subject: SUSE-CU-2023:1342-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20230429070244.13043F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1342-1
Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.13 , suse/sle-micro/5.4/toolbox:latest
Container Release : 4.2.13
Severity : moderate
Type : security
References : 1209713 1209714 1209918 1210135 1210411 1210412 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released: Thu Apr 27 17:04:25 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- container:sles15-image-15.0.0-27.14.55 updated

From sle-updates at lists.suse.com Sat Apr 29 07:03:59 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:03:59 +0200 (CEST)
Subject: SUSE-CU-2023:1343-1: Security update of bci/dotnet-aspnet
Message-ID: <20230429070359.902F3F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1343-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.15 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.15
Container Release : 31.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:04:10 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:04:10 +0200 (CEST)
Subject: SUSE-CU-2023:1344-1: Security update of bci/dotnet-aspnet
Message-ID: <20230429070410.296E0F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1344-1
Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.15 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.15 , bci/dotnet-aspnet:latest
Container Release : 11.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:05:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:05:11 +0200 (CEST)
Subject: SUSE-CU-2023:1345-1: Security update of bci/dotnet-sdk
Message-ID: <20230429070511.CD935F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1345-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.15 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.15
Container Release : 33.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:05:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:05:27 +0200 (CEST)
Subject: SUSE-CU-2023:1346-1: Security update of bci/dotnet-sdk
Message-ID: <20230429070527.491B3F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1346-1
Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-11.15 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-11.15 , bci/dotnet-sdk:latest
Container Release : 11.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:06:19 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:06:19 +0200 (CEST)
Subject: SUSE-CU-2023:1347-1: Security update of bci/dotnet-runtime
Message-ID: <20230429070619.46DF5F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1347-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.15 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.15
Container Release : 30.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:06:29 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:06:29 +0200 (CEST)
Subject: SUSE-CU-2023:1348-1: Security update of bci/dotnet-runtime
Message-ID: <20230429070629.06BB2F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1348-1
Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.15 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.15 , bci/dotnet-runtime:latest
Container Release : 11.15
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:07:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:07:03 +0200 (CEST)
Subject: SUSE-CU-2023:1349-1: Security update of bci/golang
Message-ID: <20230429070703.E7E94F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1349-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-22.42
Container Release : 22.42
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:07:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:07:12 +0200 (CEST)
Subject: SUSE-CU-2023:1350-1: Security update of bci/golang
Message-ID: <20230429070712.0347CF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1350-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.41 , bci/golang:latest
Container Release : 2.41
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:07:56 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:07:56 +0200 (CEST)
Subject: SUSE-CU-2023:1351-1: Security update of bci/bci-init
Message-ID: <20230429070756.7F58CF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1351-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.45 , bci/bci-init:latest
Container Release : 26.45
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:08:35 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:08:35 +0200 (CEST)
Subject: SUSE-CU-2023:1352-1: Security update of bci/nodejs
Message-ID: <20230429070835.7E215F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1352-1
Container Tags : bci/node:16 , bci/node:16-15.43 , bci/nodejs:16 , bci/nodejs:16-15.43
Container Release : 15.43
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:08:47 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:08:47 +0200 (CEST)
Subject: SUSE-CU-2023:1353-1: Security update of bci/nodejs
Message-ID: <20230429070847.47467F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1353-1
Container Tags : bci/node:18 , bci/node:18-3.42 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.42 , bci/nodejs:latest
Container Release : 3.42
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:09:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:09:32 +0200 (CEST)
Subject: SUSE-CU-2023:1354-1: Security update of bci/openjdk
Message-ID: <20230429070932.74D88F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1354-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-35.42
Container Release : 35.42
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:09:39 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:09:39 +0200 (CEST)
Subject: SUSE-CU-2023:1355-1: Security update of bci/php-apache
Message-ID: <20230429070939.391B0F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1355-1
Container Tags : bci/php-apache:8 , bci/php-apache:8-2.40
Container Release : 2.40
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:09:45 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:09:45 +0200 (CEST)
Subject: SUSE-CU-2023:1356-1: Security update of bci/php-fpm
Message-ID: <20230429070945.823DBF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1356-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.39
Container Release : 2.39
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/php-fpm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:09:48 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:09:48 +0200 (CEST)
Subject: SUSE-CU-2023:1357-1: Security update of suse/postgres
Message-ID: <20230429070948.DF177F457@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1357-1
Container Tags : suse/postgres:14 , suse/postgres:14-20.16 , suse/postgres:14.7 , suse/postgres:14.7-20.16
Container Release : 20.16
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:10:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:10:27 +0200 (CEST)
Subject: SUSE-CU-2023:1358-1: Security update of bci/python
Message-ID: <20230429071027.3D5D1F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1358-1
Container Tags : bci/python:3 , bci/python:3-12.39 , bci/python:3.10 , bci/python:3.10-12.39 , bci/python:latest
Container Release : 12.39
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:11:11 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:11:11 +0200 (CEST)
Subject: SUSE-CU-2023:1359-1: Security update of bci/python
Message-ID: <20230429071111.A382AF457@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1359-1
Container Tags : bci/python:3 , bci/python:3-35.39 , bci/python:3.6 , bci/python:3.6-35.39
Container Release : 35.39
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383

This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:11:44 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:11:44 +0200 (CEST)
Subject: SUSE-CU-2023:1360-1: Security update of suse/sle15
Message-ID: <20230429071144.C57AFF457@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1360-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.56 , suse/sle15:15.4 , suse/sle15:15.4.27.14.56
Container Release : 27.14.56
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sat Apr 29 07:12:20 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 29 Apr 2023 09:12:20 +0200 (CEST)
Subject: SUSE-CU-2023:1363-1: Security update of bci/bci-init
Message-ID: <20230429071220.9A847F457@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1363-1
Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.4.88
Container Release : 4.88
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-35.2.33 updated

From sle-updates at lists.suse.com Sun Apr 30 07:04:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:04:27 +0200 (CEST)
Subject: SUSE-CU-2023:1369-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20230430070427.2DFB8F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1369-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.118 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.118
Severity : moderate
Type : security
References : 1209713 1209714 1209918 1210135 1210411 1210412 1210507 CVE-2023-24593 CVE-2023-25180 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2053-1
Released: Thu Apr 27 11:31:08 2023
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

- Remove unneeded dependency (bsc#1209918).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2060-1
Released: Thu Apr 27 17:04:25 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- libglib-2_0-0-2.70.5-150400.3.8.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.8.1 updated
- libxml2-2-2.9.14-150400.5.16.1 updated
- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-27.14.56 updated

From sle-updates at lists.suse.com Sun Apr 30 07:08:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:08:16 +0200 (CEST)
Subject: SUSE-CU-2023:1371-1: Security update of suse/sles12sp4
Message-ID: <20230430070816.D306BF79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1371-1
Container Tags : suse/sles12sp4:26.595 , suse/sles12sp4:latest
Container Release : 26.595
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sles12sp4 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2069-1
Released: Fri Apr 28 13:55:42 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- base-container-licenses-3.0-1.345 updated
- shadow-4.2.1-27.22.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:10:54 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:10:54 +0200 (CEST)
Subject: SUSE-CU-2023:1372-1: Security update of suse/sles12sp5
Message-ID: <20230430071054.2CE57F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1372-1
Container Tags : suse/sles12sp5:6.5.464 , suse/sles12sp5:latest
Container Release : 6.5.464
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2067-1
Released: Fri Apr 28 13:54:34 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- shadow-4.2.1-36.3.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:14:41 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:14:41 +0200 (CEST)
Subject: SUSE-CU-2023:1373-1: Security update of suse/sle15
Message-ID: <20230430071441.59F44F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1373-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.761
Container Release : 6.2.761
Severity : moderate
Type : security
References : 1209533 1210507 CVE-2022-4899 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2068-1
Released: Fri Apr 28 13:55:00 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
The following package changes have been done:

- libzstd1-1.4.4-150000.1.9.1 updated
- shadow-4.6-150100.3.8.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:17:27 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:17:27 +0200 (CEST)
Subject: SUSE-CU-2023:1374-1: Security update of suse/sle15
Message-ID: <20230430071727.0F679F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1374-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.289
Container Release : 9.5.289
Severity : moderate
Type : security
References : 1209533 1209713 1209714 1210135 1210507 CVE-2022-4899 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2068-1
Released: Fri Apr 28 13:55:00 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released: Fri Apr 28 17:35:05 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- shadow-4.6-150100.3.8.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:19:43 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:19:43 +0200 (CEST)
Subject: SUSE-CU-2023:1375-1: Security update of suse/sle15
Message-ID: <20230430071943.A7E31F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1375-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.130 , suse/sle15:15.3 , suse/sle15:15.3.17.20.130
Container Release : 17.20.130
Severity : moderate
Type : security
References : 1209533 1209713 1209714 1210135 1210507 CVE-2022-4899 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released: Fri Apr 28 13:56:33 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released: Fri Apr 28 17:35:05 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
The following package changes have been done:

- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- shadow-4.8.1-150300.4.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:20:50 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:20:50 +0200 (CEST)
Subject: SUSE-CU-2023:1376-1: Security update of suse/389-ds
Message-ID: <20230430072050.8E4C2F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1376-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.20 , suse/389-ds:latest
Container Release : 21.20
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/389-ds was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-27.14.56 updated

From sle-updates at lists.suse.com Sun Apr 30 07:22:16 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:22:16 +0200 (CEST)
Subject: SUSE-CU-2023:1377-1: Security update of bci/openjdk-devel
Message-ID: <20230430072216.2D6D2F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1377-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.82
Container Release : 39.82
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:bci-openjdk-11-15.4.11-35.42 updated

From sle-updates at lists.suse.com Sun Apr 30 07:23:00 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:23:00 +0200 (CEST)
Subject: SUSE-CU-2023:1378-1: Security update of bci/openjdk-devel
Message-ID: <20230430072300.3A320F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1378-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.80 , bci/openjdk-devel:latest
Container Release : 14.80
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:bci-openjdk-17-15.4.17-13.43 updated

From sle-updates at lists.suse.com Sun Apr 30 07:23:32 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:23:32 +0200 (CEST)
Subject: SUSE-CU-2023:1379-1: Security update of bci/openjdk
Message-ID: <20230430072332.342DFF79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1379-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-13.43 , bci/openjdk:latest
Container Release : 13.43
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:25:00 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:25:00 +0200 (CEST)
Subject: SUSE-CU-2023:1380-1: Security update of suse/pcp
Message-ID: <20230430072500.D5B8BF79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1380-1
Container Tags : suse/pcp:5 , suse/pcp:5-14.28 , suse/pcp:5.2 , suse/pcp:5.2-14.28 , suse/pcp:5.2.5 , suse/pcp:5.2.5-14.28 , suse/pcp:latest
Container Release : 14.28
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:25:12 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:25:12 +0200 (CEST)
Subject: SUSE-CU-2023:1381-1: Security update of bci/php
Message-ID: <20230430072512.1F7F9F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1381-1
Container Tags : bci/php:8 , bci/php:8-2.39
Container Release : 2.39
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:25:15 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:25:15 +0200 (CEST)
Subject: SUSE-CU-2023:1382-1: Security update of suse/postgres
Message-ID: <20230430072515.56650F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1382-1
Container Tags : suse/postgres:15 , suse/postgres:15-4.17 , suse/postgres:15.2 , suse/postgres:15.2-4.17 , suse/postgres:latest
Container Release : 4.17
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container suse/postgres was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:26:18 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:26:18 +0200 (CEST)
Subject: SUSE-CU-2023:1383-1: Security update of bci/ruby
Message-ID: <20230430072618.A8AA3F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1383-1
Container Tags : bci/ruby:2 , bci/ruby:2-34.38 , bci/ruby:2.5 , bci/ruby:2.5-34.38 , bci/ruby:latest
Container Release : 34.38
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:26:34 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:26:34 +0200 (CEST)
Subject: SUSE-CU-2023:1384-1: Security update of bci/rust
Message-ID: <20230430072634.79427F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1384-1
Container Tags : bci/rust:1.67 , bci/rust:1.67-4.14
Container Release : 4.14
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:26:38 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:26:38 +0200 (CEST)
Subject: SUSE-CU-2023:1385-1: Security update of bci/rust
Message-ID: <20230430072638.83EEFF79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1385-1
Container Tags : bci/rust:1.68 , bci/rust:1.68-2.14 , bci/rust:latest
Container Release : 2.14
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated

From sle-updates at lists.suse.com Sun Apr 30 07:26:46 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:26:46 +0200 (CEST)
Subject: SUSE-CU-2023:1386-1: Security update of bci/python
Message-ID: <20230430072646.D9639F79F@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1386-1
Container Tags : bci/python:3 , bci/python:3-2.41 , bci/python:3.11 , bci/python:3.11-2.41
Container Release : 2.41
Severity : moderate
Type : security
References : 1210507 CVE-2023-29383
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2066-1
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following package changes have been done:

- login_defs-4.8.1-150400.10.6.1 updated
- shadow-4.8.1-150400.10.6.1 updated
- container:sles15-image-15.0.0-35.2.33 updated

From sle-updates at lists.suse.com Sun Apr 30 07:27:26 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:27:26 +0200 (CEST)
Subject: SUSE-CU-2023:1387-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20230430072726.5951CF79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1387-1
Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.382 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.382
Severity : moderate
Type : security
References : 1209533 1209713 1209714 1210135 1210507 CVE-2022-4899 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released: Fri Apr 28 13:56:33 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released: Fri Apr 28 17:35:05 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.15.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- shadow-4.8.1-150300.4.6.1 updated
- container:sles15-image-15.0.0-17.20.130 updated

From sle-updates at lists.suse.com Sun Apr 30 07:28:03 2023
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sun, 30 Apr 2023 09:28:03 +0200 (CEST)
Subject: SUSE-CU-2023:1388-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20230430072803.5FA76F79F@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1388-1
Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.204 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.204
Severity : moderate
Type : security
References : 1209533 1209713 1209714 1210135 1210507 CVE-2022-4899 CVE-2023-24593 CVE-2023-25180 CVE-2023-29383
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released: Fri Apr 28 13:56:33 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:

- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:

- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released: Fri Apr 28 17:35:05 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:

- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

The following package changes have been done:

- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.15.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- shadow-4.8.1-150300.4.6.1 updated
- container:sles15-image-15.0.0-17.20.130 updated